[Snort-users] acid-0.9.6b18 - problems with postgresql

roman at ...438... roman at ...438...
Fri Nov 16 13:56:03 EST 2001


Hugh,

The patch you sent will not return a count of unique links.  Rather, this 
SQL will return the number of unique source IPs, dest. IPs, and IP proto.

A fix for this issue (and for MS SQL) has been committed to CVS.

cheers,
Roman

On Fri, 16 Nov 2001, Hugh Fraser wrote:


> Vladimir Strezhnev wrote:
> 
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >(Snort 1.8.2, postgresql 7.1.3, acid-0.9.6b18)
> >
> >Acid-0.9.6b18 and the latest acid CVS produce the following error loading the 
> >acid_main.php screen when configured with postgresql support 
> >
> >Database ERROR:Database ERROR:ERROR: Aggregate functions may only have one 
> >parameter
> > 
> >All previous recent versions (tested b13, b14, b17)  work fine with the same 
> >configuration.
> >
> >- -- 
> >VLADIMIR STREZHNEV
> >System Engineer
> >IndiVisual Learning, LLC
> >St. Paul, MN 
> >-----BEGIN PGP SIGNATURE-----
> >Version: PGP 6.5.8
> >
> >iQA/AwUBO/VcUr5tPDt+Qc/uEQJvRQCcDgcaKEyya4LZPqGqg3e5fcgF5coAoKdO
> >y7z8aVUlpiED1VoTnBBQwDCN
> >=D3Wf
> >-----END PGP SIGNATURE-----
> >
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> There's at least one change that needs to go into ACID.
> 
> diff ./acid_stat_common.php /var/www/html/acid/acid_stat_common.php
> 308c308
> <      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
> acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto) FROM 
> acid_event");
> ---
>  >      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
> acid_event.ip_src), COUNT(DISTINCT acid_event.ip_dst), COUNT(DISTINCT 
> acid_event.ip_proto) FROM acid_event");
> 310c310
> <      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
> acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto) FROM 
> acid_event $join $where");
> ---
>  >      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
> acid_event.ip_src), COUNT(DISTINCT acid_event.ip_dst), COUNT(DISTINCT 
> acid_event.ip_proto) FROM acid_event $join $where");
> 
> I expect this aggregating that Postgres doesn't like happens in other 
> modules as well.
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list