[Snort-users] ACID: Outer Join Not Supported

rdanyliw at ...1925... rdanyliw at ...1925...
Wed May 23 11:49:53 EDT 2001


Kevin,

You are exactly correct.  PostgreSQL < 7.1 doesn't support quite
a few SQL operations.  One of which is the lack of support for
OUTER JOINS.  This functionality (among others) is quite 
crucial, hence the requirement for PostgreSQL v7.1+

[snip from ACID README]
 - MySQL 3.23+ or PostgreSQL 7.1+ as the database used by Snort to store the 
   alert information.
[end snip]

In reference to incorrect alerts being displayed from the "graph
alert detection time" page, I believe this issue has been fixed.
Please let me know otherwise (and send the calling page and
the incorrect result page with $debug_mode=1 based on the
CVS code)

Thanks, 
Roman

> This error shows up on the main page (acid_main.php) when I try to access
> the Postgres (7.0.3) snort database with the latest version of Acid that I
> checked out of CVS (0.9.6b10).  I was trying the new version because the
> previous version I had (0.9.6b8) was flaking on me.  With 0.9.6b8 I would
> graph the alerts by number per hour and it would come back with the display,
> but when I would click on a specific hour (e.g. 10:00-10:59) to see the
> actual alerts it would come back saying that it found 0 alerts even if the
> graph said 800 alerts for that hour.
> 
> The problem is, v0.9.6b10 seems to be using something that Postgres 7.0.3
> doesn't know how to do, so instead of seeing the graphs for Traffic by
> protocol I see the table and at the bottom I see:
> 
> Database ERROR:ERROR: OUTER JOIN is not yet supported
> 
> 
> 
> Begin Geek Code;
> $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c
> ^=(
> $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72, at z=(64,72,$a^=12*($_%
> 16
> -2?0:$m&17)),$b^=$_%64?12:0, at z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$
> h
> =5;$_=unxb24,join"", at b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
> d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
> $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
> (($h>>=8)+=$f+(~$g&$t))for at ...1981...[128..$#a]}print+x"C*", at a}';s/x/pack+/g;eval
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list