Problems with snortreport when trying to look at summary for an
alert(s).
Mattias Björk
mattias.bjork at sydnet.net
Sun Oct 30 11:14:09 PST 2005
Hi, all
I'm running snort (ver 2.4), snortreport (ver 1.2) with postgresql
(postgresql ver 8.0.4), php5 (ver 5.0.5). My webserver is apache version
2.0.55, latest from ports with ssl support, and last on a 5.4-RELEASE-p8
machine.
I'm having a problem with the web interface to snort (snortreport). It works
well when I type in the URL for my local web server, where it lists all
alerts in a given timeframe. But when I press the summary link for an
alert I get this error:
Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: syntax error
at or near ")" at character 134 in
/usr/local/www/snortreport/DB_pgsql.php on line 41
ERROR: syntax error at or near ")" at character 134
I have uncommented print $query in DB_pgsql.php in
/usr/local/www/snortreport so I can see the query; it's here below:

SELECT event.cid, event.sid, iphdr.ip_src, iphdr.ip_dst, EXTRACT(EPOCH
FROM event.timestamp) AS timestamp FROM event, iphdr WHERE event.cid =
iphdr.cid AND event.sid = iphdr.sid AND event.signature = '14' AND
(event.timestamp > 1130611696 AND event.timestamp < 1130698096)

SELECT ip_src, COUNT(*) AS src_count FROM event INNER JOIN iphdr ON
event.cid = iphdr.cid AND event.sid = iphdr.sid WHERE ip_src IN () AND
(event.timestamp > 1130611696 AND event.timestamp < 1130698096) GROUP BY
iphdr.ip_src

I'm no SQL expert but I guess the problem is/or has something to do with
that it's trying to run two SQL queries without ";" or am I wrong?
I have googled around for some time now, but I can't find something that
looks like the problem. I'm guessing that this is not a fault generated
by me. But I have not given up, but I don't know where to go from here. So
I hope that somebody could help me or point me in the right direction.
Best Regards Mattias Björk
PS: Should I use the freebsd-database mailing list for this?
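
Added example, not part of the original message or of snortreport's code: it maps the reported error position (character 134) onto the second query as printed above, where it lands on the closing parenthesis of the empty `IN ()` list, which PostgreSQL does not accept. The helper `build_src_count_query`, its `%s` placeholders (DB-API "format" paramstyle) and the sample addresses are assumptions made for illustration.

```python
# Second query exactly as printed in the post, joined onto one line.
QUERY = (
    "SELECT ip_src, COUNT(*) AS src_count FROM event INNER JOIN iphdr ON "
    "event.cid = iphdr.cid AND event.sid = iphdr.sid WHERE ip_src IN () AND "
    "(event.timestamp > 1130611696 AND event.timestamp < 1130698096) GROUP BY "
    "iphdr.ip_src"
)


def char_at(query, position):
    """Return the character at a 1-based position, as PostgreSQL reports it."""
    return query[position - 1]


def context_at(query, position, width=10):
    """Return the text surrounding a 1-based error position."""
    start = max(0, position - 1 - width)
    return query[start:position - 1 + width]


def build_src_count_query(src_ips, start_ts, end_ts):
    """Hypothetical helper: build the per-source count query with bound values.

    Returns None for an empty address list so the caller can skip the query
    instead of sending "IN ()" to the server. The %s placeholders assume a
    DB-API driver with the "format" paramstyle.
    """
    if not src_ips:
        return None
    placeholders = ", ".join(["%s"] * len(src_ips))
    sql = (
        "SELECT ip_src, COUNT(*) AS src_count FROM event INNER JOIN iphdr ON "
        "event.cid = iphdr.cid AND event.sid = iphdr.sid "
        "WHERE ip_src IN (" + placeholders + ") AND "
        "(event.timestamp > %s AND event.timestamp < %s) GROUP BY iphdr.ip_src"
    )
    return sql, list(src_ips) + [start_ts, end_ts]


if __name__ == "__main__":
    print(repr(char_at(QUERY, 134)), "in", repr(context_at(QUERY, 134)))
    print(build_src_count_query([], 1130611696, 1130698096))
    # Constructed sample addresses in integer form.
    print(build_src_count_query([3232235777, 167772161], 1130611696, 1130698096))
```

Binding the addresses as parameters also keeps values out of the SQL text, so the list can never change the shape of the statement.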
More information about the freebsd-questions
mailing list