[Snort-users] acid problem when deleting alerts
roman at ...438...
Tue Mar 27 13:39:55 EST 2001
I recommend you check out the latest copy of ACID from CVS. There
have been several patches made to fix problems directly related
to alert deletion using "Entire Query" since the 0.9.6b7 release.
> I'm using ACID v0.96b7 and snort Version 1.7-CanSec (Build 8)
> I think there are still some problems with selection, but not in the
> two tests I did below.
> I went to Unique Alerts: and did your scenario for
> a particular alert and got "Successfully deleted 1549 alert(s)"
> I used your scenario exactly deleting 2274 alerts ("INFO FTP anonymous FTP")
> and got "Successfully deleted 2274 alert(s)"
> On Tue, Mar 27, 2001 at 11:43:32AM +0200, Roeland Weve wrote:
> > Something weird happening in acid.
> > I want to delete an alert (1226 records).
> > So, I go to the search section and type in the exact alert signature
> > (combo box has value exactly).
> > I leave the rest blank and press the button 'Query DB'.
> > At the bottom of the next page, I change the combo box 'action' to
> > 'Delete Alert(s)' and then I press the 'Entire Query' button.
> > As I am pretty sure in previous versions of Acid, if I did this action,
> > all the rules were deleted. Now I get a (red) error message 'Error
> > retrieving delete list'.
> > The other options to delete alerts are working well, but it is not fast
> > to delete a couple of thousand alerts with the options 'ALL on screen'
> > or 'selected'.
> > I hope this function will be back, because it was working well.
> > Or did I do something wrong in some acid files (actually I've only
> > changed the config file).
> > Roeland
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Phil Wood, cpw at ...440...