[Secureideas-base-user] Can't delete alerts

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

When I try to delete alerts from the "5 most frequent alerts" page (by
selecting the checkbox next to the alerts, selecting "delete alerts"
from the dropdown box under "ACTION", and then hitting the "Selected"
button, the alerts are not deleted and I get an error message like this:

> No alerts were selected or the Delete alert(s) was not successful

Output of debug mode is at the bottom of this message.

I'm using Debian's 'acidbase' package, from the 'testing' distribution.
Anyone have any suggestions?

Thanks,

 .....Ron

-- 
Ron Murray   (rj...@rj...)
http://www.rjmx.net/~ron
GPG Public Key Fingerprint: F2C1 FC47 5EF7 0317 133C  D66B 8ADA A3C4
D86C 74DE

 ============================================================

Session Registered
importing SESSION var 'sig'
importing SESSION var 'sig_type'
importing SESSION var 'sig_class'
importing SESSION var 'sig_priority'
importing SESSION var 'ag'
importing SESSION var 'sensor'
importing SESSION var 'time'
importing SESSION var 'time_cnt'
importing SESSION var 'ip_addr'
importing SESSION var 'ip_addr_cnt'
importing SESSION var 'layer4'
importing SESSION var 'ip_field'
importing SESSION var 'ip_field_cnt'
importing SESSION var 'tcp_port'
importing SESSION var 'tcp_port_cnt'
importing SESSION var 'tcp_flags'
importing SESSION var 'tcp_field'
importing SESSION var 'tcp_field_cnt'
importing SESSION var 'udp_port'
importing SESSION var 'udp_port_cnt'
importing SESSION var 'udp_field'
importing SESSION var 'udp_field_cnt'
importing SESSION var 'icmp_field'
importing SESSION var 'icmp_field_cnt'
importing SESSION var 'rawip_field'
importing SESSION var 'rawip_field_cnt'
importing SESSION var 'data'
importing SESSION var 'data_cnt'
importing SESSION var 'data_encode'
Checking for DB abstraction lib in '/usr/share/php/adodb/adodb.inc.php'
 Basic Analysis and Security Engine (BASE)
Home  |   Search
[ Back ]

         URL: '/acidbase/base_stat_alerts.php' (referred by:
'http://www.rjmx.net/acidbase/base_stat_alerts.php?caller=most_frequent&sort_order=occur_d')
         PARAMETERS: '
         CLIENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.7.12) Gecko/20050915 Firefox/1.0.7
         SERVER: Apache
         SERVER HW: Linux tinkerbell 2.6.14.2-tinkerbell-0 #1 Fri Nov 18
22:50:17 EST 2005 ppc
         DATABASE TYPE: mysql  DB ABSTRACTION VERSION: V4.64 20 June
2005  (c) 2000-2005 John Lim (jlim#natsoft.com.my). All rights reserved.
Released BSD & LGPL.
         PHP VERSION: 5.0.5-3  PHP API: apache2handler
         BASE VERSION: 1.2.1 (kris)
         SESSION ID: 6bf00552e239c9930a5578463e8c4807( 2248 bytes )

Checking for DB abstraction lib in '/usr/share/php/adodb/adodb.inc.php'
sensor #1: event.cid = 0, acid_event.cid = 0
sensor #2: event.cid = 0, acid_event.cid = 0
sensor #3: event.cid = 0, acid_event.cid = 0
sensor #4: event.cid = 0, acid_event.cid = 0
sensor #5: event.cid = 0, acid_event.cid = 0
sensor #6: event.cid = 0, acid_event.cid = 0
sensor #7: event.cid = 0, acid_event.cid = 0
sensor #8: event.cid = 135761, acid_event.cid = 135761
Added 0 alert(s) to the Alert cache
 Queried on : Sun November 27, 2005 22:47:47
Meta Criteria 	   any
IP Criteria 	   any
Layer 4 Criteria	   none
Payload Criteria 	   any

 Summary Statistics
# Sensors /
# Unique Alerts   ( classifications )
# Unique addresses: Source | Destination
# Unique IP links
# Source Port: TCP | UDP
# Destination Port: TCP | UDP
# Time profile of alerts
==== ACTION ======
context = 2

==== Delete alert(s) Alerts ========
num_alert = 5
action_sql = FROM acid_event WHERE 1 = 1
action_op = Selected
action_arg =
action_param =
context = 2
limit_start = -1
limit_offset = -1
using_blobs = 1

Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE 1 = 1 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE 1 = 1 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE 1 = 1 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE 1 = 1 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE 1 = 1 AND signature='-1'
No alerts were selected or the Delete alert(s) was not successful
-------------------------------------
action_cnt = 0
dup_cnt = 0
num_alert = 4
==== Delete alert(s) Alerts END ========

Valid Canned Query List

Array
(
    [most_frequent] => Array
        (
            [0] => 5
            [1] => Most Frequent Alerts
            [2] => occur_d
        )

    [last_alerts] => Array
        (
            [0] => 15
            [1] => Last Alerts
            [2] => last_d
        )

)

Query State
caller = 'most_frequent'
num_result_rows = '5'
sort_order = 'occur_d'
current_view = '0'
action_arg = ''
action = 'del_alert'
SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp),
max(timestamp), sig_name, count(DISTINCT(sid)), count(DISTINCT(ip_src)),
count(DISTINCT(ip_dst)) FROM acid_event WHERE 1 = 1 GROUP BY signature,
sig_name ORDER BY sig_cnt DESC