[Snort-users] ACID and delete alerts

Michael Steele michaels at ...9077...
Mon Feb 16 08:03:03 EST 2004


Check your configuration in 'acid_conf.php' and make sure it's correct, and make
sure ACID has enough permissions to delete from the database.

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of cc
> Sent: Monday, February 16, 2004 2:46 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] ACID and delete alerts
> 
> Hi,
> 
> I'm using Snort 2.1.1RC2, ACID 0.9.6b23, MySQL 4.x.
> 
> The Acid database is getting big, and I was trying to delete
> these acid alerts, but ACID keeps on saying "No alerts
> were selected or the DELETE was not successful."
> 
> I go to the "Display 5 Most Frequent Alerts" and then select
> the first one (which happens to be a custom rule "Blocked Ad")
> and selected "Delete Alerts" in the combo box.  Then I click on
> Selected.
> 
> Here's a debug of the Delete Alerts part:
> 
> ==== ACTION ======
> context = 2
> 
> 
> ==== DELETE Alerts ========
> num_alert = 5
> action_sql = FROM acid_event WHERE acid_event.sid > 0
> action_op = Selected
> action_arg =
> action_param =
> context = 2
> limit_start = -1
> limit_offset = -1
> using_blobs = 1
> 
> Gathering elements from 1 alert blobs
> 0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
> acid_event WHERE acid_event.sid > 0 AND signature='-1'
> 1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
> acid_event WHERE acid_event.sid > 0 AND signature='-1'
> 2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
> acid_event WHERE acid_event.sid > 0 AND signature='-1'
> 3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
> acid_event WHERE acid_event.sid > 0 AND signature='-1'
> 4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
> acid_event WHERE acid_event.sid > 0 AND signature='-1'
> No alerts were selected or the DELETE was not successful
> 
> -------------------------------------
> 
> I've been having troubles doing this since I first installed ACID, it's
> just that I haven't had the time to figure it out.  Now with a little
> bit of time, I can spend some time analyzing some of these alerts.
> 
> Btw, I'm using Mozilla 1.6, if it makes any difference.
> 
> 
> Any help appreciated.
> 
> Edmund
> 
> 
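
One way to carry out the permission check suggested in the reply, as an added example that is not part of the original thread or of ACID: it parses `SHOW GRANTS` output for the account ACID connects as and reports which of SELECT and DELETE are missing on the alert tables. The database name `snort`, the account `acid`, the grant lines and the function name are constructed assumptions; wildcard database names in grants are not handled.

```python
import re

# Matches lines as printed by MySQL's SHOW GRANTS, e.g.
#   GRANT SELECT, INSERT ON `snort`.* TO 'acid'@'localhost'
GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.I)


def missing_privileges(grant_lines, database, tables, needed=("SELECT", "DELETE")):
    """Return {table: [privileges from `needed` that no grant line provides]}."""
    granted = {t: set() for t in tables}
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Column-scoped privileges such as "SELECT (sid, cid)" do not cover
        # the whole table, so drop them before splitting on commas.
        text = re.sub(r"\w+\s*\([^)]*\)", "", m.group("privs"))
        privs = {p.strip().upper() for p in text.split(",") if p.strip()}
        db, _, table = m.group("scope").partition(".")
        db, table = db.strip("`"), table.strip("`")
        if db not in ("*", database):  # *.* is a global grant
            continue
        if privs & {"ALL", "ALL PRIVILEGES"}:
            privs = set(needed)
        for t in tables:
            if table in ("*", t):  # db.* covers every table in the database
                granted[t] |= privs
    missing = {t: sorted(set(needed) - granted[t]) for t in tables}
    return {t: m for t, m in missing.items() if m}


# Constructed sample: what SHOW GRANTS FOR 'acid'@'localhost' might return
# for an account that can read and write alerts but delete only from `event`.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'acid'@'localhost' IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT SELECT, INSERT, UPDATE ON `snort`.* TO 'acid'@'localhost'",
    "GRANT DELETE ON `snort`.`event` TO 'acid'@'localhost'",
]

if __name__ == "__main__":
    for table, privs in missing_privileges(
            SAMPLE_GRANTS, "snort", ["acid_event", "event"]).items():
        print(f"{table}: missing {', '.join(privs)}")
```
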





