[Snort-users] ACID: Outer Join Not Supported

Kevin Brown Kevin.M.Brown at ...1022...
Wed May 23 12:04:59 EDT 2001


Joy.  Guess that means I will need to compile the new version of Postgres on
both the server and the snort machines and then rebuild snort.  Guess it's
time to do some digging and make sure that I won't break anything by doing
this.

-----Original Message-----
From: rdanyliw at ...1925... [mailto:rdanyliw at ...1925...]
Sent: Wednesday, May 23, 2001 04:50
To: Kevin Brown
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ACID: Outer Join Not Supported


Kevin,

You are exactly correct.  PostgreSQL < 7.1 doesn't support quite
a few SQL operations.  One of which is the lack of support for
OUTER JOINS.  This functionality (among others) is quite 
crucial, hence the requirement for PostgreSQL v7.1+

[snip from ACID README]
 - MySQL 3.23+ or PostgreSQL 7.1+ as the database used by Snort to store the

   alert information.
[end snip]

In reference to incorrect alerts being displayed from the "graph
alert detection time" page, I believe this issue has been fixed.
Please let me know otherwise (and send the calling page and
the incorrect result page with $debug_mode=1 based on the
CVS code)

Thanks, 
Roman

> This error shows up on the main page (acid_main.php) when I try to access
> the Postgres (7.0.3) snort database with the latest version of Acid that I
> checked out of CVS (0.9.6b10).  I was trying the new version because the
> previous version I had (0.9.6b8) was flaking on me.  With 0.9.6b8 I would
> graph the alerts by number per hour and it would come back with the
display,
> but when I would click on a specific hour (e.g. 10:00-10:59) to see the
> actual alerts it would come back saying that it found 0 alerts even if the
> graph said 800 alerts for that hour.
> 
> The problem is, v0.9.6b10 seems to be using something that Postgres 7.0.3
> doesn't know how to do, so instead of seeing the graphs for Traffic by
> protocol I see the table and at the bottom I see:
> 
> Database ERROR:ERROR: OUTER JOIN is not yet supported
> 
> 
> 
> Begin Geek Code;
>
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c
> ^=(
>
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72, at z=(64,72,$a^=12*($_%
> 16
>
-2?0:$m&17)),$b^=$_%64?12:0, at z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$
> h
>
=5;$_=unxb24,join"", at b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
>
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
> $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
> (($h>>=8)+=$f+(~$g&$t))for at ...1981...[128..$#a]}print+x"C*", at a}';s/x/pack+/g;eval
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list