[Snort-users] ACID and delete alerts

Michael Steele michaels at ...9077...
Tue Feb 17 00:30:05 EST 2004


Change acid_conf.php and try using root access to MySQL with the appropriate
password to see if that works.

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of cc
> Sent: Monday, February 16, 2004 11:00 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] ACID and delete alerts
> 
> Michael Steele sighed and wrote::
> 
> > Check your configuration in 'acid_conf.php' and make sure it's correct and
> > make sure ACID has enough permissions to delete from the database.
> >
> 
> My acid user = Aciduser, and the following doesn't produce any
> discernible error:
> 
> mysql> GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON snort.* TO aciduser
> IDENTIFIED BY '<inpass>';
> 
> mysql> GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON snort.* TO
> 'aciduser'@'...274...' IDENTIFIED BY '<inpass>';
> 
> And while looking at the Acid logs, I don't see any attempts at
> running the Delete command.  All logged commands were select
> commands.
> 
> As shown here:
> 
> 
> ------------------------------------------------------------------------------
> Connect [mysql] snort@...274...:3306 as snort
> [Feb 17 2004 15:00:37] /acid/acid_stat_alerts.php - db version 106
> ------------------------------------------------------------------------------
> 
> SELECT sid FROM sensor
> SELECT MAX(cid) FROM event WHERE sid='1'
> SELECT MAX(cid) FROM acid_event WHERE sid='1'
> SELECT MAX(cid) FROM event WHERE sid='2'
> SELECT MAX(cid) FROM acid_event WHERE sid='2'
> SELECT MAX(cid) FROM event WHERE sid='3'
> SELECT MAX(cid) FROM acid_event WHERE sid='3'
> SELECT MAX(cid) FROM event WHERE sid='4'
> SELECT MAX(cid) FROM acid_event WHERE sid='4'
> SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
> SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
> signature='-1'
> SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
> SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
> signature='-1'
> SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
> SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
> signature='-1'
> SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
> SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
> signature='-1'
> SELECT count(acid_event.sid)  FROM acid_event  WHERE  signature='-1'
> SELECT acid_event.sid, acid_event.cid  FROM acid_event  WHERE
> signature='-1'
> SELECT count(*) FROM acid_event
> SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp),
> max(timestamp)   FROM acid_event   GROUP BY signature  ORDER BY sig_cnt DESC
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
> COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
>   signature='17'
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='17'
>              ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='17'
>              ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='17'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='17'
> SELECT sig_sid FROM signature WHERE sig_id='17'
> SELECT sig_class_id FROM signature WHERE sig_id = '17'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
> COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
>   signature='45'
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='45'
>              ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='45'
>              ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='45'
> SELECT sig_class_id FROM signature WHERE sig_id = '45'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
> COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
>   signature='18'
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='18'
>              ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='18'
>              ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='18'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='18'
> SELECT ref_system_id, ref_tag FROM reference WHERE ref_id='8'
> SELECT ref_system_name FROM reference_system WHERE ref_system_id='1'
> SELECT sig_sid FROM signature WHERE sig_id='18'
> SELECT sig_class_id FROM signature WHERE sig_id = '18'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '5'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
> COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
>   signature='202'
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='202'
>              ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='202'
>              ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='202'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='202'
> SELECT sig_sid FROM signature WHERE sig_id='202'
> SELECT sig_class_id FROM signature WHERE sig_id = '202'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src),
> COUNT(DISTINCT ip_dst)  FROM acid_event  WHERE
>   signature='40'
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='40'
>              ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid  FROM acid_event  WHERE
>  signature='40'
>              ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='40'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='40'
> SELECT sig_sid FROM signature WHERE sig_id='40'
> SELECT sig_class_id FROM signature WHERE sig_id = '40'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
> 
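Two things are worth checking in this thread before reaching for root access: which MySQL account ACID is actually connecting as (the quoted ACID trace shows `Connect [mysql] ... as snort`, while the GRANT statements were issued for `aciduser`), and whether that account really holds DELETE on the `snort` database. MySQL treats `'aciduser'@'%'` and `'aciduser'@'somehost'` as separate accounts and picks the most specific host match, so a grant to one does not help a login that matches the other. The following is an added example, not code from this thread or from the ACID or Snort projects: the host names, passwords and the test row are made up, the `event` column list follows Snort's create_mysql schema, and the `GRANT ... IDENTIFIED BY` form assumes MySQL 4.x/5.x (on MySQL 8 or recent MariaDB, run CREATE USER first).

```sql
-- Added example, not from the original thread. Hypothetical hosts:
-- sensor.example runs Snort, webhost.example runs ACID, both talk to
-- the MySQL server holding database `snort`.

-- 1. Sensor account: Snort's database output plugin only inserts and reads,
--    so it never needs DELETE.
GRANT INSERT, SELECT ON snort.* TO 'snort'@'sensor.example'
    IDENTIFIED BY 'sensor-password';

-- 2. ACID account: "Delete alert(s)" needs DELETE on the Snort tables and
--    UPDATE/INSERT/DELETE on ACID's own acid_* cache tables. Nothing here
--    needs DROP, FILE, SUPER or any global privilege.
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO 'aciduser'@'webhost.example'
    IDENTIFIED BY 'acid-password';
-- CREATE is only needed once, while ACID's setup page builds its acid_*
-- tables; revoke it afterwards:
-- REVOKE CREATE ON snort.* FROM 'aciduser'@'webhost.example';

FLUSH PRIVILEGES;

-- 3. Verify what each account actually holds. Compare the User/Host pair
--    here with the "Connect [mysql] ... as <user>" line in ACID's SQL trace
--    and with $alert_user in acid_conf.php: that is the account that must
--    carry Delete_priv, not whichever account you happened to GRANT to.
SHOW GRANTS FOR 'aciduser'@'webhost.example';
SELECT User, Host, Delete_priv
    FROM mysql.user WHERE User IN ('snort', 'aciduser');
SELECT User, Host, Db, Delete_priv
    FROM mysql.db WHERE Db = 'snort';

-- 4. Prove the delete path end to end as the ACID account, connecting from
--    the web host (mysql -u aciduser -p -h dbhost snort). The row is a
--    constructed test event under a sensor id no real sensor uses; the
--    create_mysql schema has no foreign keys, so it inserts cleanly.
INSERT INTO event (sid, cid, signature, timestamp)
    VALUES (9999, 1, 1, NOW());
DELETE FROM event WHERE sid = 9999 AND cid = 1;
-- Expect "Query OK, 1 row affected". ERROR 1142 (command denied to user)
-- means the grants from step 3 do not cover the account ACID logs in as.
```

Connecting the web front end as MySQL root, as suggested in the reply, is a reasonable one-off diagnostic: if deletion works as root and not as the configured user, the problem is the grant, not ACID. Revert to the restricted account afterwards; a PHP front end reachable from a browser should never hold more than the four table-level privileges above.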
