[Snort-users] acid problem when deleting alerts

Phil Wood cpw at ...440...
Tue Mar 27 12:50:05 EST 2001


I'm using ACID v0.96b7 and snort Version 1.7-CanSec (Build 8)

I think there are still some problems with selection, but not in the
two tests I did below.

I went to Unique Alerts: and did your scenario for
a particular alert and got "Successfully deleted 1549 alert(s)"

I used your scenario exactly deleting 2274 alerts ("INFO FTP anonymous FTP")
  and got "Successfully deleted 2274 alert(s)"

On Tue, Mar 27, 2001 at 11:43:32AM +0200, Roeland Weve wrote:
> Something weird happening in acid.
> 
> I want to delete an alert (1226 records).
> So, I go to the search section and type in the exact alert signature
> (combo box has value exactly).
> I leave the rest blank and press the button 'Query DB'.
> At the bottom of the next page, I change the combo box 'action' to
> 'Delete Alert(s)' and then I press the 'Entire Query' button.
> As I am pretty sure in previous versions of Acid, if I did this action,
> all the rules were deleted. Now I get a (red) error message 'Error
> retrieving delete list'.
> The other options to delete alerts are working well, but it is not fast
> to delete a couple of thousand alerts with the options 'ALL on screen'
> or 'selected'.
> 
> I hope this function will be back, because it was working well.
> Or did I do something wrong in some acid files (actually I've only
> changed the config file).
> 
> Roeland
> 

-- 
Phil Wood, cpw at ...440...




