[Secureideas-base-user] Can't delete alerts
From: Ron M. <rj...@rj...> - 2005-11-28 04:00:28
When I try to delete alerts from the "5 most frequent alerts" page (by selecting the checkbox next to the alerts, selecting "delete alerts" from the dropdown box under "ACTION", and then hitting the "Selected" button), the alerts are not deleted and I get an error message like this:

> No alerts were selected or the Delete alert(s) was not successful

Output of debug mode is at the bottom of this message.

I'm using Debian's 'acidbase' package, from the 'testing' distribution.

Anyone have any suggestions?

Thanks,

.....Ron

--
Ron Murray (rj...@rj...)
http://www.rjmx.net/~ron
GPG Public Key Fingerprint: F2C1 FC47 5EF7 0317 133C D66B 8ADA A3C4 D86C 74DE

============================================================

Session Registered
importing SESSION var 'sig'
importing SESSION var 'sig_type'
importing SESSION var 'sig_class'
importing SESSION var 'sig_priority'
importing SESSION var 'ag'
importing SESSION var 'sensor'
importing SESSION var 'time'
importing SESSION var 'time_cnt'
importing SESSION var 'ip_addr'
importing SESSION var 'ip_addr_cnt'
importing SESSION var 'layer4'
importing SESSION var 'ip_field'
importing SESSION var 'ip_field_cnt'
importing SESSION var 'tcp_port'
importing SESSION var 'tcp_port_cnt'
importing SESSION var 'tcp_flags'
importing SESSION var 'tcp_field'
importing SESSION var 'tcp_field_cnt'
importing SESSION var 'udp_port'
importing SESSION var 'udp_port_cnt'
importing SESSION var 'udp_field'
importing SESSION var 'udp_field_cnt'
importing SESSION var 'icmp_field'
importing SESSION var 'icmp_field_cnt'
importing SESSION var 'rawip_field'
importing SESSION var 'rawip_field_cnt'
importing SESSION var 'data'
importing SESSION var 'data_cnt'
importing SESSION var 'data_encode'
Checking for DB abstraction lib in '/usr/share/php/adodb/adodb.inc.php'
Basic Analysis and Security Engine (BASE)
Home | Search
[ Back ]
URL: '/acidbase/base_stat_alerts.php' (referred by: 'http://www.rjmx.net/acidbase/base_stat_alerts.php?caller=most_frequent&sort_order=occur_d')
PARAMETERS: '
CLIENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
SERVER: Apache
SERVER HW: Linux tinkerbell 2.6.14.2-tinkerbell-0 #1 Fri Nov 18 22:50:17 EST 2005 ppc
DATABASE TYPE: mysql
DB ABSTRACTION VERSION: V4.64 20 June 2005 (c) 2000-2005 John Lim (jlim#natsoft.com.my). All rights reserved. Released BSD & LGPL.
PHP VERSION: 5.0.5-3
PHP API: apache2handler
BASE VERSION: 1.2.1 (kris)
SESSION ID: 6bf00552e239c9930a5578463e8c4807( 2248 bytes )
Checking for DB abstraction lib in '/usr/share/php/adodb/adodb.inc.php'
sensor #1: event.cid = 0, acid_event.cid = 0
sensor #2: event.cid = 0, acid_event.cid = 0
sensor #3: event.cid = 0, acid_event.cid = 0
sensor #4: event.cid = 0, acid_event.cid = 0
sensor #5: event.cid = 0, acid_event.cid = 0
sensor #6: event.cid = 0, acid_event.cid = 0
sensor #7: event.cid = 0, acid_event.cid = 0
sensor #8: event.cid = 135761, acid_event.cid = 135761
Added 0 alert(s) to the Alert cache
Queried on : Sun November 27, 2005 22:47:47
Meta Criteria any
IP Criteria any
Layer 4 Criteria none
Payload Criteria any
Summary Statistics
# Sensors / # Unique Alerts ( classifications )
# Unique addresses: Source | Destination
# Unique IP links
# Source Port: TCP | UDP
# Destination Port: TCP | UDP
# Time profile of alerts
==== ACTION ======
context = 2
==== Delete alert(s) Alerts ========
num_alert = 5
action_sql = FROM acid_event WHERE 1 = 1
action_op = Selected
action_arg =
action_param =
context = 2
limit_start = -1
limit_offset = -1
using_blobs = 1
Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
No alerts were selected or the Delete alert(s) was not successful
-------------------------------------
action_cnt = 0
dup_cnt = 0
num_alert = 4
==== Delete alert(s) Alerts END ========
Valid Canned Query List
Array
(
    [most_frequent] => Array
        (
            [0] => 5
            [1] => Most Frequent Alerts
            [2] => occur_d
        )
    [last_alerts] => Array
        (
            [0] => 15
            [1] => Last Alerts
            [2] => last_d
        )
)
Query State
caller = 'most_frequent'
num_result_rows = '5'
sort_order = 'occur_d'
current_view = '0'
action_arg = ''
action = 'del_alert'
SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp), max(timestamp), sig_name, count(DISTINCT(sid)), count(DISTINCT(ip_src)), count(DISTINCT(ip_dst)) FROM acid_event WHERE 1 = 1 GROUP BY signature, sig_name ORDER BY sig_cnt DESC
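As an added diagnostic, not part of the post or of BASE itself: a small Python script that parses the "Delete alert(s)" section of the debug dump above and reports how many of the per-row blob lookups filter on signature='-1' versus how many rows action_cnt says were actually deleted. It assumes (the page does not say so) that -1 is BASE's placeholder for a selection key that never resolved to a real signature id; the sample input is a constructed excerpt of the dump in the post.

```python
import re

# Constructed excerpt of the BASE debug dump quoted in the post above.
DEBUG_OUTPUT = """\
num_alert = 5
action_sql = FROM acid_event WHERE 1 = 1
action_op = Selected
Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
No alerts were selected or the Delete alert(s) was not successful
action_cnt = 0
"""

BLOB_RE = re.compile(r"^(\d+) = \[using SQL \d+ for blob \]: (SELECT .*)$")
SIG_RE = re.compile(r"signature='(-?\d+)'")
KV_RE = re.compile(r"^(\w+) = (.*)$")

# Assumption: BASE uses -1 as the "no value" placeholder for a selection key,
# so a blob query that filters on signature='-1' cannot match any stored alert.
UNRESOLVED = "-1"


def analyze_delete_action(text):
    """Summarise the Delete alert(s) section: rows selected, lookups issued,
    which lookups carry the unresolved placeholder, and rows actually deleted."""
    kv = {}
    blob_sigs = []
    for line in text.splitlines():
        m = BLOB_RE.match(line)
        if m:
            s = SIG_RE.search(m.group(2))
            blob_sigs.append(s.group(1) if s else None)
            continue
        m = KV_RE.match(line)
        if m:
            kv.setdefault(m.group(1), m.group(2).strip())  # keep first value
    unresolved = [i for i, s in enumerate(blob_sigs) if s == UNRESOLVED]
    return {
        "selected": int(kv.get("num_alert", 0)),
        "blob_queries": len(blob_sigs),
        "unresolved_selections": unresolved,
        "deleted": int(kv.get("action_cnt", 0)),
    }


if __name__ == "__main__":
    print(analyze_delete_action(DEBUG_OUTPUT))
```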