[Snort-users] archiving problem

Mark Rowlands mark.rowlands at ...752...
Sat Sep 22 02:46:01 EDT 2001


Warning: Access denied for user: 'snort at ...274...' (Using password: NO) in 
/usr/local/share/doc/apache/php/adodb/adodb-mysql.inc.php on line 85

unsurprising considering snort requires a password from localhost

when attempting to archive. I have set up the database and amended acid_conf.php...

acid cvsupped at 09:30 CET 22-09-01
snort 1.81
FreeBSD (4.4 RC where acid lives, 4.4-stable for the snort machine)

debug follows

Session Registered
importing POST var 'ip_addr_cnt'
importing POST var 'time_cnt'
importing POST var 'ip_field_cnt'
importing POST var 'tcp_port_cnt'
importing POST var 'tcp_field_cnt'
importing POST var 'udp_port_cnt'
importing POST var 'udp_field_cnt'
importing POST var 'icmp_field_cnt'
importing POST var 'data_cnt'
History depth = 6
ACID
 Query Results Home    
Search   |   AG Maintenance 

URL: '/a2/acid_qry_main.php' (referred by: 
'http://192.168.0.2/a2/acid_qry_main.php?new=1&num_result_rows=-1&submit=Query+DB&current_view=-1&ip_addr_cnt=1&ip_addr%5B0%5D%5B0%5D=+&ip_addr%5B0%5D%5B1%5D=ip_src&ip_addr%5B0%5D%5B2%5D=%3D&ip_addr%5B0%5D%5B3%5D=256.256.256.256&ip_addr%5B0%5D%5B8%5D=+&ip_addr%5B0%5D%5B9%5D=+')
PARAMETERS: ''
CLIENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)
SERVER: Apache/1.3.20 (Unix) PHP/4.0.6 
SERVER HW: FreeBSD pcmarbsd.tninet.se 4.4-RC FreeBSD 4.4-RC #0: Thu Aug 16 
20:05:06 CEST 2001     root at ...2874...:/usr/obj/usr/src/sys/MARK  i386
DATABASE TYPE: mysql  DB ABSTRACTION VERSION: 
PHP VERSION: 4.0.6  PHP API: apache
SESSION ID: 5e4f3209f7082b74da3fe222bc38ea4e
       
Checking for DB abstraction lib in 
'/usr/local/www/data/php/adodb/adodb.inc.php'
sensor #1: event.cid = 25228, acid_event.cid = 25228
sensor #2: event.cid = 0, acid_event.cid = 0
sensor #3: event.cid = 307, acid_event.cid = 307
sensor #4: event.cid = 30909, acid_event.cid = 30909
Added 0 alert(s) to the Alert cache

new: ''   
submit: 'Entire Query'
sort_order: ''
num_result_rows: '1068'  current_view: '0'
layer4: ''  caller: ''
action: 'archive_alert2'  action_arg: ''
      
==== ACTION ======
context = 1
==== ARCHIVE-move Alerts ========
num_alert = 1068
action_sql = SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 
acid_event.sid > 0 AND ( ( ip_src IS NULL ) )
action_op = Entire Query
action_arg = 
action_param = 
context = 1
limit_start = -1
limit_offset = -1
using_blobs = 1

Gathering elements from 50 alert blobs
0 = [using SQL 1068 for blob #0-(4-16404)]: SELECT acid_event.sid, 
acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND ( ( ip_src IS 
NULL ) )
4 - 16404
Checking for DB abstraction lib in 
'/usr/local/www/data/php/adodb/adodb.inc.php'

Warning: Access denied for user: 'snort at ...274...' (Using password: NO) in 
/usr/local/share/doc/apache/php/adodb/adodb-mysql.inc.php on line 85
localhost
