[Snort-users] ACID and delete alerts

cc cc at ...9707...
Mon Feb 16 23:07:04 EST 2004


Michael Steele sighed and wrote::

> Check your configuration in 'acid_conf.php' and make sure it's correct, and make
> sure ACID has enough permissions to delete from the database.
>

My acid user = Aciduser, and the following doesn't produce any
discernible error:

mysql> grant create, insert,select,delete,update on snort.* to aciduser
identified by '<inpass>'

mysql> grant create, insert,select,delete,update on snort.* to
aciduser at ...274... identified by '<inpass>'

And while looking at the Acid logs, I don't see any attempts at
running the Delete command.  All logged commands were select
commands.

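As shown here (the header line of this log excerpt records the connection "as snort", which appears to be the account ACID is actually using, rather than the aciduser account the grants above were issued to):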


--------------------------------------------------------------------------------
Connect [mysql] snort at ...274...:3306 as snort
[Feb 17 2004 15:00:37] /acid/acid_stat_alerts.php - db version 106
--------------------------------------------------------------------------------

SELECT sid FROM sensor
SELECT MAX(cid) FROM event WHERE sid='1'
SELECT MAX(cid) FROM acid_event WHERE sid='1'
SELECT MAX(cid) FROM event WHERE sid='2'
SELECT MAX(cid) FROM acid_event WHERE sid='2'
SELECT MAX(cid) FROM event WHERE sid='3'
SELECT MAX(cid) FROM acid_event WHERE sid='3'
SELECT MAX(cid) FROM event WHERE sid='4'
SELECT MAX(cid) FROM acid_event WHERE sid='4'
SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
signature='-1'
SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
signature='-1'
SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
signature='-1'
SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
signature='-1'
SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
signature='-1'
SELECT count(*) FROM acid_event
SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp),
max(timestamp)   FROM acid_event   GROUP BY signature  ORDER BY sig_cnt DESC
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
  signature='17'
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='17'
             ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='17'
             ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='17'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='17'
SELECT sig_sid FROM signature WHERE sig_id='17'
SELECT sig_class_id FROM signature WHERE sig_id = '17'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
  signature='45'
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='45'
             ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='45'
             ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='45'
SELECT sig_class_id FROM signature WHERE sig_id = '45'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
  signature='18'
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='18'
             ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='18'
             ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='18'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='18'
SELECT ref_system_id, ref_tag FROM reference WHERE ref_id='8'
SELECT ref_system_name FROM reference_system WHERE ref_system_id='1'
SELECT sig_sid FROM signature WHERE sig_id='18'
SELECT sig_class_id FROM signature WHERE sig_id = '18'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '5'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
  signature='202'
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='202'
             ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='202'
             ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='202'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='202'
SELECT sig_sid FROM signature WHERE sig_id='202'
SELECT sig_class_id FROM signature WHERE sig_id = '202'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
  signature='40'
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='40'
             ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
 signature='40'
             ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='40'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='40'
SELECT sig_sid FROM signature WHERE sig_id='40'
SELECT sig_class_id FROM signature WHERE sig_id = '40'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'







