[Snort-users] ACID and delete alerts

cc cc at ...9707...
Mon Feb 16 02:53:02 EST 2004


Hi,

I'm using Snort 2.1.1RC2, ACID 0.9.6b23, MySQL 4.x.

The ACID database is getting big, and I was trying to delete
these ACID alerts, but ACID keeps on saying "No alerts
were selected or the DELETE was not successful."

I go to the "Display 5 Most Frequent Alerts" and then select
the first one (which happens to be a custom rule "Blocked Ad")
and select "Delete Alerts" in the combo box.  Then I click on
Selected.

Here's a debug of the Delete Alerts part:

==== ACTION ======
context = 2


==== DELETE Alerts ========
num_alert = 5
action_sql = FROM acid_event WHERE acid_event.sid > 0
action_op = Selected
action_arg =
action_param =
context = 2
limit_start = -1
limit_offset = -1
using_blobs = 1

Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
No alerts were selected or the DELETE was not successful

-------------------------------------

I've been having trouble doing this since I first installed ACID; it's
just that I haven't had the time to figure it out.  Now with a little
bit of time, I can spend some time analyzing some of these alerts.

Btw, I'm using Mozilla 1.6, if it makes any difference.


Any help appreciated.

Edmund



