[Snort-users] Acid: Unable to archive

roman at ...438... roman at ...438...
Mon Oct 15 07:34:01 EDT 2001


Paul,

What exactly is the error you are experiencing?  The posted log below is
debugging output created because $debug_mode has been configure to 1 or
greater.  Set $debug_mode back to 0 and this debugging information will
not be produced.

Roman

On Tue, 9 Oct 2001, Paul Asadoorian wrote:

> I get the following error when trying to archive using the latest version of
> acid:
>
> === ARCHIVE-move Alerts ========
> num_alert = 4145
> action_sql = SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE
> acid_event.sid > 0 AND acid_event.sid=2 AND sig_name LIKE '%cmd.exe%' AND
> ( (( ip_src=2157199167 ) OR (ip_dst=2157199167 )) )
> action_op = ALL on Screen
> action_arg =
> action_param =
> context = 1
> limit_start = -1
> limit_offset = -1
> using_blobs =
>
> Gathering elements from 50 alert blobs
> 2 - 18063
> Checking for DB abstraction lib in '/opt/local/adodb/adodb.inc.php'
> Checking for DB abstraction lib in '/opt/local/adodb/adodb.inc.php'
> 2 - 18069
> Checking for DB abstraction lib in '/opt/local/adodb/adodb.inc.php'
> Checking for DB abstraction lib in '/opt/local/adodb/adodb.inc.php'
> 2 - 18071
> Checking for DB abstraction lib in '/opt/local/adodb/adodb.inc.php'
> Checking for DB abstraction lib in '/opt/local/adodb/adodb.inc.php'
> 
> Has anyone else seen this?
> 
> Thanks,
> 
> Paul Asadoorian




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list