From: Mattias Björk
Date: Sun, 30 Oct 2005 20:14:05 +0100
To: freebsd-questions@freebsd.org
Subject: Problems with snortreport when trying to look at summary for an alert(s).
Message-ID: <43651B7D.2010403@sydnet.net>

Hi, all

I'm running snort (ver 2.4), snortreport (ver 1.2) with postgresql (postgresql ver 8.0.4), php5 (ver 5.0.5). My webserver is apache version 2.0.55, latest from ports with ssl support, and last, on a 5.4-RELEASE-p8 machine.

I'm having a problem with the web interface to snort (snortreport). It works well when I type in the URL for my local webserver, where it lists all alerts in a given timeframe.
But when I press the summary link for an alert I get this error:

Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: syntax error at or near ")" at character 134 in /usr/local/www/snortreport/DB_pgsql.php on line 41
ERROR: syntax error at or near ")" at character 134

I have uncommented print $query in DB_pgsql.php in /usr/local/www/snortreport so I can see the query; it's here below:

SELECT event.cid, event.sid, iphdr.ip_src, iphdr.ip_dst, EXTRACT(EPOCH FROM event.timestamp) AS timestamp FROM event, iphdr WHERE event.cid = iphdr.cid AND event.sid = iphdr.sid AND event.signature = '14' AND (event.timestamp > 1130611696 AND event.timestamp < 1130698096)
SELECT ip_src, COUNT(*) AS src_count FROM event INNER JOIN iphdr ON event.cid = iphdr.cid AND event.sid = iphdr.sid WHERE ip_src IN () AND (event.timestamp > 1130611696 AND event.timestamp < 1130698096) GROUP BY iphdr.ip_src

I'm no SQL expert but I guess the problem is/or has something to do with that it's trying to run two SQL queries without ";" or am I wrong?

I have googled around for some time now, but I can't find something that looks like the problem. I'm guessing that this is not a fault generated by me. But I have not given up, but I don't know where to go from here. So I hope that somebody could help me or point me in the right direction.

Best Regards
Mattias Björk

ps: Should I use the freebsd-database mailing list for this?
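
Added example, not part of the original message or of snortreport's code: a Python check that maps the reported error position (134, counted from 1 as PostgreSQL does) onto each printed statement, plus a hypothetical in_clause() helper that guards an empty list and passes values as bound parameters. The function names and the sample ip_src values are constructed for illustration.

```python
# The two statements exactly as printed in the debug output quoted in the post.
Q1 = ("SELECT event.cid, event.sid, iphdr.ip_src, iphdr.ip_dst, "
      "EXTRACT(EPOCH FROM event.timestamp) AS timestamp FROM event, iphdr "
      "WHERE event.cid = iphdr.cid AND event.sid = iphdr.sid "
      "AND event.signature = '14' AND (event.timestamp > 1130611696 "
      "AND event.timestamp < 1130698096)")
Q2 = ("SELECT ip_src, COUNT(*) AS src_count FROM event INNER JOIN iphdr "
      "ON event.cid = iphdr.cid AND event.sid = iphdr.sid "
      "WHERE ip_src IN () AND (event.timestamp > 1130611696 "
      "AND event.timestamp < 1130698096) GROUP BY iphdr.ip_src")


def token_at(sql, position, context=12):
    """Return (char, surrounding text) at a 1-based error position."""
    i = position - 1
    if not 0 <= i < len(sql):
        return None, ""
    return sql[i], sql[max(0, i - context):i + context]


def find_statement(statements, position, expected_char):
    """Indexes of statements whose character at `position` is `expected_char`."""
    return [n for n, s in enumerate(statements)
            if token_at(s, position)[0] == expected_char]


def in_clause(column, values, first_param=1):
    """Build 'col IN ($1, $2, ...)' and its parameter list (hypothetical helper).

    An empty list yields the constant FALSE instead of the invalid 'IN ()',
    and values are returned separately so they can be bound as parameters
    rather than spliced into the statement text.
    """
    values = list(values)
    if not values:
        return "FALSE", []
    marks = ", ".join(f"${first_param + k}" for k in range(len(values)))
    return f"{column} IN ({marks})", values


if __name__ == "__main__":
    print(find_statement([Q1, Q2], 134, ")"))   # which statement has ")" at 134
    print(token_at(Q2, 134))                    # the text around that position
    print(in_clause("ip_src", []))              # empty list is guarded
    print(in_clause("ip_src", [167772161, 167772162]))  # constructed values
```

Position 134 falls on the ")" that closes the empty "IN ()" of the second statement taken on its own; in the first statement the same position is a letter inside "event.cid".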