Snort mailing list archives
Patch for Time criteria handling in ACID
From: Mark Vevers <mark () ifl net>
Date: Wed, 12 Jun 2002 14:47:12 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (This didn't get through to the list yesterday as I sent it from another unsubscribed address ....) Roman et al, A number of issues were bugging me about the time criteria handling in ACID, and along the way I also picked up what I think is another bug ... 1. Even though a time criteria could be cleared to '/ * /' it couldn't be completely removed. 2. Having fixed that the search entry time criteria disappears and since PHP doesn't run the for loop once whatever if expr2 doesn't evaluate to true, no option to add it was appearing ... added code to give 'Add Time' button when no time criteria have yet been entered. 2. Acid was displaying an error about multiple time criteria without and AND or OR despite the fact that only one criteria had been entered.(with and without the above fixes' 3. During this I discovered ProcessCriteria was being called twice for a normal search, once by acid_qry_main and once by acid_qry_sqlcalls. The second was unncessary for a normal query but was need when called by acid_ag_main.php so I moved the ProcessCriteria line was moved inside the if clause when called by acid_ag_main. As far as I can tell the fixes work - I've tried normal searchs with and without multiple time criteria, canned queries and alert graphing and they all seem to work OK YMMV. The change to the search UI may not be quite what you wanted, but it's a consequnce of the fact that Init function gets called to clear the criteria as well as to create it ...... Cheers Mark - -- - ---------------------------------------------------------------------------- Index: acid_state_citems.inc =================================================================== RCS file: /cvsroot/acidlab/acid/acid/acid_state_citems.inc,v retrieving revision 1.3 diff -r1.3 acid_state_citems.inc 589a590,596
function Init() { $this->criteria_cnt=0; unset($this->criteria); }
593a601,602
$this->criteria_cnt=0; unset($this->criteria);
650a660,663
if ($this->criteria_cnt == 0) echo ' <INPUT TYPE="submit" NAME="submit" VALUE="ADD Time">';
Index: acid_qry_sqlcalls.php =================================================================== RCS file: /cvsroot/acidlab/acid/acid/acid_qry_sqlcalls.php,v retrieving revision 1.9 diff -r1.9 acid_qry_sqlcalls.php 20,21d19 < ProcessCriteria(); < 23a22
ProcessCriteria();
Index: acid_qry_common.php =================================================================== RCS file: /cvsroot/acidlab/acid/acid/acid_qry_common.php,v retrieving revision 1.16 diff -r1.16 acid_qry_common.php 124c124 < for ( $i = 0; $i <= $cnt; $i++ ) - - ---
for ( $i = 0; $i < $cnt; $i++ )
- - -- Mark Vevers. mark () ifl net / mvevers () rm com Internet Backbone Engineering Team Internet for Learning, Research Machines Plc Tel: +44 1235 823380, Fax: +44 1235 823424 - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9Bh94WLU9HLCPPKMRAhbTAJ9bCB0GPnc0oVRZ7zpfe/N4V2LVAwCbBh01 60JsqaLYt0Yj2n7cZHPm4ow= =z+9M - -----END PGP SIGNATURE----- - ------------------------------------------------------- - -- Mark Vevers. mark () ifl net / mvevers () rm com Internet Backbone Engineering Team Internet for Learning, Research Machines Plc Tel: +44 1235 823380, Fax: +44 1235 823424 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9B1DgWLU9HLCPPKMRAqT4AJ9ddyU92wPigjvAOmVaXLFxft0afACdEac9 RT/ifuIym5mEstbeOiZ7rLU= =JksE -----END PGP SIGNATURE----- _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Patch for Time criteria handling in ACID Mark Vevers (Jun 12)
- <Possible follow-ups>
- Patch for Time criteria handling in ACID Mark Vevers (Jun 13)
- Re: Patch for Time criteria handling in ACID Roman Danyliw (Jun 15)