[Snort-users] Email using mysql

Michael Aylor maylor at ...1991...
Mon May 7 13:18:54 EDT 2001

Hello, I'm having a problem with ACID sending an email of selected alerts.
The order of events I do to generate the error is as follows.

1.  Launch web browser (IE 5.01) and pull up the acid_main.php page (hosted
on Apache server version 1.3.19-5).
2.  Pull up a set of alerts I'm interested in.  At the bottom of the page, I
use the drop down box to select "Email Alerts(s)" and in the corresponding
field, I type the email address I want to send it to.
3.  The webpage is refreshed, but with error messages.

Warning: 1 is not a valid MySQL-Link resource in
/home/httpd/html/acid/acid_pkt_sqlcalls.php on line 83
Warning: Supplied argument is not a valid MySQL result resource in
/home/httpd/html/acid/acid_pkt_sqlcalls.php on line 129
Warning: 1 is not a valid MySQL-Link resource in
/home/httpd/html/acid/acid_pkt_main.php on line 507

However, I do get an email message sitting in my inbox, but it has no query
data on it.  All it says is 

Bottom of Form 0
ACID v0.9.5 ( by Roman Danyliw <mailto:roman at ...438...> as part of the
AirCERT <http://www.cert.org/kb/aircert/> project )	

I set ACID to debug mode=1 in the acid_conf.php page and it spit out a whole
bunch of stuff; the most interesting to me was the actual SQL query it ran
against the snort database.  I'll include that here.

SQL: SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1,
ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event
LEFT JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE
event.cid > 0 AND signature='BIND Shell' 

Just as a part of troubleshooting, I went ahead and used a mysql client to
enter that query in and it returned the expected data with no errors, so I
know the query is good.

I'm using MySQL version 3.23.36-1.  Not sure what the problem is, but maybe
someone can help me.

Mike Aylor
maylor at ...1991...


