[Snort-users] (no subject)

Marc-Andre Hamelin mhamelin at ...1801...
Wed Nov 28 14:40:03 EST 2001


Hi Roman,

I had the same problem.
It occurred when I was doing a query with "Src or Dest" in the IP criteria. I'm
using schema 104. The problem started only when I upgraded to acid-0.9.6b18.

After looking at the source code in acid_qry_common.php, I corrected the
problem by deleting "acid_event." in 2 lines (see below).
Since "acid_event." is already in $sql, it was appearing twice in the
request.


...
  $sql = "SELECT acid_event.sid, acid_event.cid, signature, timestamp, ".
         "acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto FROM acid_event";
...


...
        /* if have chosen the address type to be both source and destination */
        if ( ereg("ip_both", $tmp) )
        {
####### BEFORE #######
#          $tmp_src = ereg_replace("ip_both","acid_event.ip_src",$tmp);
#          $tmp_dst = ereg_replace("ip_both","acid_event.ip_dst",$tmp);
####### AFTER #######
           $tmp_src = ereg_replace("ip_both","ip_src",$tmp);
           $tmp_dst = ereg_replace("ip_both","ip_dst",$tmp);
#######
           if ( $ip_addr[$i][2] == '=' )
             $tmp = "(".$tmp_src.') OR ('.$tmp_dst.')';
           else
             $tmp = "(".$tmp_src.') AND ('.$tmp_dst.')';
        }
...



Hope this helps.

Marc
 


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Roman
Danyliw
Sent: 26 November, 2001 14:11
To: Radomski, Mike
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] (no subject)


- What version of the DB schema are you running?
- Did you successfully apply the ACID modifications to the schema?  Did
you use the acid_db_setup.php page or run the create_acid_tbls_mysql.sql
scripts?
- What exact operation were you trying to perform when this error occurred?

Roman

On 26 November 2001 11:22, Radomski, Mike wrote:
>       ACID version number: acid-0.9.6b18
>       Web browser (and version) any
>       Web server (and version) apache-1.3.20-16
>       PHP version php-4.0.6-7
>       Database server (and version) mysql-3.23.41-1
>       Anytime I run a search I get the following results.
>
> Initial/Canned Query or Sort Clicked
> Database ERROR:Database ERROR:Unknown table 'acid_event.acid_event' in
> where clause
> SELECT COUNT(acid_event.cid) FROM acid_event WHERE acid_event.sid > 0 AND (
> (( acid_event.acid_event.ip_src=2296320043 ) OR (
> acid_event.acid_event.ip_dst=2296320043 )) )
> SELECT COUNT(acid_event.cid) FROM acid_event  WHERE  acid_event.sid > 0 AND
> (  (( acid_event.acid_event.ip_src=2296320043 ) OR (
> acid_event.acid_event.ip_dst=2296320043 ))   )
>
> Thanks
>
> Mike Radomski
>
> SUNY - ITEC
> Information Technology Exchange Center
> Systems Programmer/Analyst
> E-mail: Mike.Radomski at ...4155...
> Systems E-Mail: scsys at ...4155...
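
The `ip_both` expansion discussed in this thread, as an added example that is not part of either message and is not ACID's own code: it qualifies the column exactly once whether or not the criterion already carries the `acid_event.` prefix, and refuses to return a query containing the doubled qualifier from the reported error. The function names `expand_ip_both()` and `build_count_query()` are hypothetical, the input strings are constructed, and `preg_replace()` stands in for the `ereg` functions, which were removed in PHP 7.

```php
<?php
// Added example, not ACID source code. expand_ip_both() and build_count_query()
// are hypothetical names; "ip_both", acid_event, ip_src and ip_dst come from the thread.

const TABLE = 'acid_event';

// Expand one "ip_both" criterion into its source and destination clauses.
// Assumption: the criterion may arrive bare ("ip_both=N") or already
// qualified ("acid_event.ip_both=N"); both must end up with one qualifier.
function expand_ip_both(string $criterion, string $operator): string
{
    // Consume any existing "acid_event." prefixes together with the placeholder.
    $pattern = '/\b(?:' . preg_quote(TABLE, '/') . '\.)*ip_both\b/';
    $src = preg_replace($pattern, TABLE . '.ip_src', $criterion);
    $dst = preg_replace($pattern, TABLE . '.ip_dst', $criterion);

    // "=" means either endpoint may match; any other operator (e.g. "!=")
    // must hold for both endpoints, as in the branch quoted in the thread.
    $glue = ($operator === '=') ? ' OR ' : ' AND ';
    return '((' . $src . ')' . $glue . '(' . $dst . '))';
}

function build_count_query(string $criterion, string $operator): string
{
    $sql = 'SELECT COUNT(' . TABLE . '.cid) FROM ' . TABLE
         . ' WHERE ' . TABLE . '.sid > 0 AND ' . expand_ip_both($criterion, $operator);

    // Regression guard for the failure reported in the thread.
    if (strpos($sql, TABLE . '.' . TABLE . '.') !== false) {
        throw new LogicException('column qualified twice: ' . $sql);
    }
    return $sql;
}

// Constructed inputs; the address value is the one in the quoted error.
$cases = [
    ['ip_both=2296320043', '='],
    ['acid_event.ip_both=2296320043', '='],
    ['acid_event.acid_event.ip_both!=2296320043', '!='],
];
foreach ($cases as [$criterion, $operator]) {
    echo build_count_query($criterion, $operator), PHP_EOL;
}
```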


