[Snort-users] ACID v0.96b17 and postgres query problems

Mark W. Davis mwd at ...497...
Sun Nov 4 22:37:02 EST 2001


When selecting a SOURCE or DESTINATION address in the Unique
Addresses section of the 'Summary Statistics' box, this error
occurs (it also occurs in many other places as well):

Syslog error:
postgres[2416]: [2] ERROR:  For SELECT DISTINCT, ORDER BY expressions must appear in target list

Debug output:
Session Registered
History depth = 3
CRITERIA ERROR: unknown address type -- assuming Dst address

Checking for DB abstraction lib in '/apache/htdocs/adodb/adodb.inc.php'
sensor #1: event.cid = 2699, acid_event.cid = 2699
Added 0 alert(s) to the Alert cache

Valid Canned Query List 

Array
(
    [most_frequent] => Array
        (
            [0] => 15
            [1] => Most Frequent IP addresses
            [2] => occur_d
        )

)

Query State
caller = ''
num_result_rows = '4'
sort_order = ''
current_view = '0'
action_arg = ''
action = ''
SELECT DISTINCT ip_dst, COUNT(acid_event.cid) as num_events, 
COUNT( DISTINCT acid_event.sid) as num_sensors, COUNT(DISTINCT signature ) 
as num_sig, COUNT( DISTINCT ip_dst ) as num_dip FROM acid_event 
WHERE acid_event.sid > 0 AND ip_proto= 6 GROUP BY ip_dst 

URL: '/acid/acid_stat_uaddr.php' (referred by: 'http://xxx.domain.com/acid/acid_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB')
         PARAMETERS: 'addr_type=1'
         CLIENT: Mozilla/4.76 [en] (X11; U; Linux 2.2.18 i686)
         SERVER: Apache/1.3.20 (Unix) mod_perl/1.26 mod_ssl/2.8.4 
         SERVER HW: Linux xxx.domain.com 2.2.19 #1 Fri Mar 9 12:09:12 PST 2001 i686 unknown
         DATABASE TYPE: postgres  DB ABSTRACTION VERSION: 
         PHP VERSION: 4.0.6  PHP API: apache
         SESSION ID: aceb4d279c0b08272e66f1

I am running snort 1.8.1-release logging to postgres 1.7mumble. 
-- 
Mark W. Davis



