[Snort-users] Email using mysql

roman at ...438... roman at ...438...
Mon May 7 13:56:03 EDT 2001


Mike,
 
It looks like you are using a really old version of the code (0.9.5).
Significant internal changes have been made to ACID since that
release.  Go to http://acidlab.sourceforge.net and download
the latest tarball (0.9.6b8).  
 
Note: I fixed a bug related to sending alerts in an email related
to signature names coming up incorrectly this morning.  
Depending on your configuration (whether you are running
DB schema version > 100), this may affect you.  If so,
check out a copy from CVS.

cheers,
Roman


> > Hello, I'm having a problem with ACID sending an email of selected alerts.
> > The order of events I do to generate the error are as follows.
> > 
> > 1.  Launch web browser (IE 5.01) and pull up the acid_main.php page (hosted
> > on Apache server version 1.3.19-5).
> > 2.  Pull up a set of alerts I'm interested in.  At the bottom of the page, I
> > use the drop down box to select "Email Alerts(s)" and in the corresponding
> > field, I type the email address I want to send it to.
> > 3.  The webpage is refreshed, but with error messages.
> > 
> > Warning: 1 is not a valid MySQL-Link resource in
> > /home/httpd/html/acid/acid_pkt_sqlcalls.php on line 83
> > Warning: Supplied argument is not a valid MySQL result resource in
> > /home/httpd/html/acid/acid_pkt_sqlcalls.php on line 129
> > Warning: 1 is not a valid MySQL-Link resource in
> > /home/httpd/html/acid/acid_pkt_main.php on line 507
> > 
> > However, I do get an email message sitting in my inbox, but it has no query
> > data on it.  All it says is 
> > 
> >  
> > Bottom of Form 0
> > ACID v0.9.5 ( by Roman Danyliw <mailto:roman at ...438...> as part of the
> > AirCERT <http://www.cert.org/kb/aircert/> project )	
> > 
> > I set acid to debug mode=1 in the acid_conf.php page and it spit out a whole
> > bunch of stuff, the most interesting to me was the actual sql query it ran
> > against the snort database.  I'll include that here.
> > 
> > SQL: SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1,
> > ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event
> > LEFT JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE
> > event.cid > 0 AND signature='BIND Shell' 
> > 
> > Just as a part of troubleshooting, I went ahead and used a mysql client to
> > enter that query in and it returned the expected data with no errors, so I
> > know the query is good.
> > 
> > I'm using MySQL version 3.23.36-1.  Not sure what the problem is, but maybe
> > someone can help me.
> > 
> > 
> > 
> > Mike Aylor
> > maylor at ...1991...
> > 
> > 
> > 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/





