I've a problem using the search functionality for signatures.
The config looks as follows:
> * Should a combo box with possible signatures be displayed on the
> * 0 : disabled
> * 1 : show only non pre-processor signatures (e.g., ignore portscans)
> * 2 : show all signatures
>$use_sig_list = 1;
When I visit the search site, and pick a signature out of that drop down box (and change nothing else on the screen), I always get the whole database as a search result. The signature search thing isn't even included in that small box for the meta criteria.
As a workaround, I can use the predefined searches "most recent alerts" or "most frequent alert". Both are searching for signature groups with a number, not a string. But that number isn't the sid:
search with string from drop down: IMAP SSLv2 openssl get shared ciphers overflow (sid=8438)
search with "most recent alerts" searches for: "exactly = 6173"
Can anybody give me a hint where BASE gets these numbers from, or, how to get the string-based search to work?
thanks in advance,
It might be the sig_sid. That's the unique identifier for the signature. The sig_id is whatever number signature it is in your DB,
To search by string, select roughly from the drop down that says signature. It'll do a like search
>It might be the sig_sid.
It seems to be the sig_id from the signature table.
>To search by string, select roughly from the drop down that says signature. It'll do a like search
Not in my case. Using these search parameters gets me the whole database as search result.
When I select "roughly" from that drop down, and type the search string by hand in the text field right of "roughly", then I get a valid search result. But only using the signature drop down under the "roughly" by selecting a string from the list does not work. Then, that selection is ignored and the search result is all the data.
Is that "signature" drop down thing just a kind of reminder or should it work the search, too?
cookies are enabled?
The list is a list of alert classifications where "roughly" actually does a text search of the signature name. If you select roughly, you have to give it a criterion to search by.
cookies are enabled.
Additionally, even "exactly" and some string from the drop down box does not work at all.
The search criteria field is empty, and I get back all the database values.
There were indeed some bugs around the search form. I believe they are fixed now in CVS.
So, please update, and tell us whether this is resolved for you, as well, or whether there have now been triggered some nasty
> So, please update, and tell us whether this is resolved for you, as well,
It is. Works like a charm.
Once again, thank you very much!