Package: acidbase
Version: 1.2.1-2
Severity: important

When I try to delete alerts from the "5 most frequent alerts" page (by selecting the checkbox next to the alerts, selecting "delete alerts" from the dropdown box under "ACTION", and then hitting the "Selected" button), the alerts are not deleted and I get an error message like this:

> No alerts were selected or the Delete alert(s) was not successful

Output of debug mode is attached. The acidlab package has the same problem (reported by me as bug #341131).

.....Ron

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.1-khufu-0
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages acidbase depends on:
ii  debconf [debconf-2.0]  1.4.59     Debian configuration management sy
ii  libphp-adodb           4.64-4     The 'adodb' database abstraction l
ii  libwww-perl            5.803-4    WWW client/server library for Perl
ii  php-image-graph        0.7.1-1    Image_Graph module for PEAR
ii  php4                   4:4.4.0-4  server-side, HTML-embedded scripti
ii  php4-cli               4:4.4.0-4  command-line interpreter for the p
ii  php4-gd                4:4.4.0-4  GD module for php4
ii  php5                   5.0.5-3    server-side, HTML-embedded scripti
ii  php5-cli               5.0.5-3    command-line interpreter for the p
ii  php5-gd                5.0.5-3    GD module for php5

acidbase recommends no packages.

-- debconf-show failed

Session Registered
importing SESSION var 'sig'
importing SESSION var 'sig_type'
importing SESSION var 'sig_class'
importing SESSION var 'sig_priority'
importing SESSION var 'ag'
importing SESSION var 'sensor'
importing SESSION var 'time'
importing SESSION var 'time_cnt'
importing SESSION var 'ip_addr'
importing SESSION var 'ip_addr_cnt'
importing SESSION var 'layer4'
importing SESSION var 'ip_field'
importing SESSION var 'ip_field_cnt'
importing SESSION var 'tcp_port'
importing SESSION var 'tcp_port_cnt'
importing SESSION var 'tcp_flags'
importing SESSION var 'tcp_field'
importing SESSION var 'tcp_field_cnt'
importing SESSION var 'udp_port'
importing SESSION var 'udp_port_cnt'
importing SESSION var 'udp_field'
importing SESSION var 'udp_field_cnt'
importing SESSION var 'icmp_field'
importing SESSION var 'icmp_field_cnt'
importing SESSION var 'rawip_field'
importing SESSION var 'rawip_field_cnt'
importing SESSION var 'data'
importing SESSION var 'data_cnt'
importing SESSION var 'data_encode'
Checking for DB abstraction lib in '/usr/share/php/adodb/adodb.inc.php'

Basic Analysis and Security Engine (BASE)
Home | Search [ Back ]

URL: '/acidbase/base_stat_alerts.php' (referred by: 'http://www.rjmx.net/acidbase/base_stat_alerts.php?caller=most_frequent&sort_order=occur_d')
PARAMETERS: '
CLIENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
SERVER: Apache
SERVER HW: Linux tinkerbell 2.6.14.2-tinkerbell-0 #1 Fri Nov 18 22:50:17 EST 2005 ppc
DATABASE TYPE: mysql
DB ABSTRACTION VERSION: V4.64 20 June 2005 (c) 2000-2005 John Lim (jlim#natsoft.com.my). All rights reserved. Released BSD & LGPL.
PHP VERSION: 5.0.5-3
PHP API: apache2handler
BASE VERSION: 1.2.1 (kris)
SESSION ID: 6bf00552e239c9930a5578463e8c4807( 2248 bytes )

Checking for DB abstraction lib in '/usr/share/php/adodb/adodb.inc.php'
sensor #1: event.cid = 0, acid_event.cid = 0
sensor #2: event.cid = 0, acid_event.cid = 0
sensor #3: event.cid = 0, acid_event.cid = 0
sensor #4: event.cid = 0, acid_event.cid = 0
sensor #5: event.cid = 0, acid_event.cid = 0
sensor #6: event.cid = 0, acid_event.cid = 0
sensor #7: event.cid = 0, acid_event.cid = 0
sensor #8: event.cid = 135761, acid_event.cid = 135761
Added 0 alert(s) to the Alert cache

Queried on : Sun November 27, 2005 22:47:47
Meta Criteria any
IP Criteria any
Layer 4 Criteria none
Payload Criteria any

Summary Statistics
# Sensors / # Unique Alerts ( classifications )
# Unique addresses: Source | Destination
# Unique IP links
# Source Port: TCP | UDP
# Destination Port: TCP | UDP
# Time profile of alerts

==== ACTION ======
context = 2
==== Delete alert(s) Alerts ========
num_alert = 5
action_sql = FROM acid_event WHERE 1 = 1
action_op = Selected
action_arg =
action_param =
context = 2
limit_start = -1
limit_offset = -1
using_blobs = 1
Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND signature='-1'
No alerts were selected or the Delete alert(s) was not successful
-------------------------------------
action_cnt = 0
dup_cnt = 0
num_alert = 4
==== Delete alert(s) Alerts END ========

Valid Canned Query List
Array
(
    [most_frequent] => Array
        (
            [0] => 5
            [1] => Most Frequent Alerts
            [2] => occur_d
        )

    [last_alerts] => Array
        (
            [0] => 15
            [1] => Last Alerts
            [2] => last_d
        )

)

Query State
caller = 'most_frequent'
num_result_rows = '5'
sort_order = 'occur_d'
current_view = '0'
action_arg = ''
action = 'del_alert'

SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp), max(timestamp), sig_name, count(DISTINCT(sid)), count(DISTINCT(ip_src)), count(DISTINCT(ip_dst)) FROM acid_event WHERE 1 = 1 GROUP BY signature, sig_name ORDER BY sig_cnt DESC