Date: Sun, 30 Oct 2005 20:14:05 +0100
From: Mattias Björk <mattias.bjork@sydnet.net>
To: freebsd-questions@freebsd.org
Subject: Problems with snortreport when trying to look at summary for an alert(s).
Message-ID: <43651B7D.2010403@sydnet.net>

Hi all,

I'm running snort (ver 2.4), snortreport (ver 1.2) with postgresql (postgresql ver 8.0.4) and php5 (ver 5.0.5). My webserver is apache version 2.0.55, latest from ports with ssl support, and last, it is all on a 5.4-RELEASE-p8 machine.

I'm having a problem with the web interface to snort (snortreport). It works well when I type in the URL for my local webserver, where it lists all alerts in a given timeframe. But when I press the summary link for an alert I get this error:

    Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: syntax error at or near ")" at character 134 in /usr/local/www/snortreport/DB_pgsql.php on line 41
    ERROR: syntax error at or near ")" at character 134

I have uncommented print $query in DB_pgsql.php in /usr/local/www/snortreport so I can see the query; it's here below:

    SELECT event.cid, event.sid, iphdr.ip_src, iphdr.ip_dst, EXTRACT(EPOCH FROM event.timestamp) AS timestamp FROM event, iphdr WHERE event.cid = iphdr.cid AND event.sid = iphdr.sid AND event.signature = '14' AND (event.timestamp > 1130611696 AND event.timestamp < 1130698096)

    SELECT ip_src, COUNT(*) AS src_count FROM event INNER JOIN iphdr ON event.cid = iphdr.cid AND event.sid = iphdr.sid WHERE ip_src IN () AND (event.timestamp > 1130611696 AND event.timestamp < 1130698096) GROUP BY iphdr.ip_src

I'm no SQL expert, but I guess the problem is, or has something to do with, that it's trying to run two SQL queries without ";", or am I wrong?

I have googled around for some time now, but I can't find anything that looks like the problem. I'm guessing that this is not a fault generated by me. I have not given up, but I don't know where to go from here. So I hope that somebody could help me or point me in the right direction.

Best Regards
Mattias Björk

ps: Should I use the freebsd-database mailing list for this?
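Added example, not part of the original message and not snortreport's own code: a Python sketch that maps the position reported by PostgreSQL onto the two statements printed above, and a hypothetical `in_predicate` helper that never emits an empty `IN ()` list. It assumes the queries are spaced exactly as in the archived message; all function names are hypothetical.

```python
import re

# The two statements printed by `print $query`, copied from the message
# (assumption: whitespace as in the archived copy, i.e. single spaces).
DUMP = (
    "SELECT event.cid, event.sid, iphdr.ip_src, iphdr.ip_dst, "
    "EXTRACT(EPOCH FROM event.timestamp) AS timestamp FROM event, iphdr "
    "WHERE event.cid = iphdr.cid AND event.sid = iphdr.sid "
    "AND event.signature = '14' AND (event.timestamp > 1130611696 "
    "AND event.timestamp < 1130698096) "
    "SELECT ip_src, COUNT(*) AS src_count FROM event INNER JOIN iphdr "
    "ON event.cid = iphdr.cid AND event.sid = iphdr.sid "
    "WHERE ip_src IN () AND (event.timestamp > 1130611696 "
    "AND event.timestamp < 1130698096) GROUP BY iphdr.ip_src"
)

def split_statements(dump):
    """Split back-to-back debug output at each SELECT outside parentheses."""
    starts, depth = [], 0
    for m in re.finditer(r"[()]|\bSELECT\b", dump):
        if m.group() == "(":
            depth += 1
        elif m.group() == ")":
            depth -= 1
        elif depth == 0:
            starts.append(m.start())
    return [dump[a:b].strip() for a, b in zip(starts, starts[1:] + [len(dump)])]

def statements_matching(dump, position, near):
    """Indexes of statements whose 1-based character `position` is `near`."""
    return [i for i, s in enumerate(split_statements(dump))
            if s[position - 1:position - 1 + len(near)] == near]

def in_predicate(column, values):
    """Placeholder list for a non-empty set; a constant-false test otherwise."""
    if not values:
        return "FALSE", []          # never emit "IN ()"
    marks = ", ".join(f"${n}" for n in range(1, len(values) + 1))
    return f"{column} IN ({marks})", list(values)
```

With the error's `")" at character 134`, `statements_matching(DUMP, 134, ")")` selects only the second statement, where that character closes the empty `IN ()` list.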