#108 Unique IP links Action

BASE
closed-fixed
Nerveup
Interface (166)
5
2006-02-02
2005-09-09
Christian
No

Reproduce:
1. Today's alerts: unique
2. Click on total for one of the alerts
3. Click Unique IP links
4. Choose Action "Delete alerts"
5. Hit All On Screen

Then you will get "No alerts were selected or the Delete alert(s) was not successful"

/Christian

Debug output:

Checking for DB abstraction lib
in '/usr/share/adodb/adodb.inc.php'
sensor #1: event.cid = 105460, acid_event.cid = 105460
sensor #2: event.cid = 0, acid_event.cid = 0
sensor #3: event.cid = 429311, acid_event.cid = 429311
sensor #4: event.cid = 145647, acid_event.cid = 145647
Added 0 alert(s) to the Alert cache
Queried on : Fri September 09, 2005 07:16:28
Meta Criteria Signature "[url] [snort] BLEEDING-EDGE VIRUS Possible Evaman Worm Outbound" ...Clear...
time >= [ 09 / 09 / 2005 ] [ any time ]
...Clear...
IP Criteria any
Layer 4 Criteria none
Payload Criteria any

==== ACTION ======
context = 6

==== Delete alert(s) Alerts ========
num_alert = -1
action_sql = FROM acid_event WHERE 1 = 1 AND
(signature='579') AND ( timestamp >='2005-09-09' )
action_op = ALL on Screen
action_arg =
action_param =
context = 6
limit_start = -1
limit_offset = -1
using_blobs = 1

Gathering elements from 1 alert blobs
No alerts were selected or the Delete alert(s) was not
successful
-------------------------------------
action_cnt = 0
dup_cnt = 0
num_alert = -1
==== Delete alert(s) Alerts END ========

Valid Canned Query List
Array
(
[most_frequent] => Array
(
[0] => 5
[1] => Most Frequent Alerts
[2] => occur_d
)

[last_alerts] => Array
(
[0] => 15
[1] => Last Alerts
[2] => last_d
)

)

Query State
caller = ''
num_result_rows = '1'
sort_order = ''
current_view = 'ALL on Screen'
action_arg = ''
action = 'del_alert'
SELECT DISTINCT acid_event.ip_src, acid_event.ip_dst,
acid_event.ip_proto FROM acid_event WHERE 1 = 1
AND (signature='579') AND ( timestamp >='2005-09-09' )

Displaying alerts 1-1 of 1 total

Discussion

  • Nerveup

    Nerveup - 2006-02-02
    • status: open --> closed
     
  • Nerveup

    Nerveup - 2006-02-02
    • assigned_to: nobody --> nerveup
    • status: closed --> closed-fixed
     
  • Nerveup

    Nerveup - 2006-02-02

    Fixed into cvs.

     
