[Snort-users] problems with acid snort mysql

roman at ...438... roman at ...438...
Mon Sep 24 18:48:02 EDT 2001


Dennis,

Your version of ACID is too old to use with Snort 1.8.  Upgrade 
to at least 0.9.6b10+ (b15 is recommended).

Roman

> I have the following problem running snort-1.8.1_1 and Acid-0.9.6b1.
> I always get this error: Unknown column 'ip_src0' in 'field list'
> 
> -------------------------------------------------------
>          URL: '/acid_pkt_main.php' (refered by: 'https://secure.nipsi.de/acid_main.php')
>          PARAMETERS: '&num_result_rows=-1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=+&submit=Query+DB&current_view=-1'
> 
>          CLIENT: Mozilla/4.75 [de] (Windows NT 5.0; U)
>          SERVER: Apache/1.3.20 (Unix) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6
> 
> 
> 
>          submit: 'Query DB'
>          num_result_rows: '-1'  current_view: '-1'
>          layer4: ''
> 
> 
>          time_cnt ip_addr_cnt ip_field_cnt ip_opt_cnt tcp_port_cnt tcp_field_cnt
>          tcp_opt_cnt udp_port_cnt udp_field_cnt icmp_field_cnt data_cnt
> 
> save_sql =
> save_criteria =
> caller =
> action=
> ag_add_key=
> 
> 
> IP first 0 0 0 0
> IP masking 0 0 0 0 = 0 =
> IP back 0: 0 0 0 0
> 
> SQL: SELECT event.sid, event.cid, signature, timestamp, ip_src0,
> ip_src1, ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto
> FROM event
> LEFT JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE
> event.cid > 0
> Query execution error: Unknown column 'ip_src0' in 'field list'
> ----------------------------------------------------------------------
> regards Dennis
> 
> 


