search

Snorby / snorby

Ruby On Rails Application For Network Security Monitoring
Other
1k stars 224 forks source link

snorby with mysql 5.7.21 error 'sql_mode=only_full_group_by' but sql_mode do not have only_full_group_by #488

Closed XCM-jj closed 6 years ago

XCM-jj commented 6 years ago

log show :

Expression #1 of ORDER BY clause is not in GROUP BY clause and contains nonaggregated column 'snorby.event.timestamp' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by (code: 1055, sql state: 42000, query: SELECT signature FROM event GROUP BY signature ORDER BY timestamp DESC LIMIT 5, uri: mysql:snort@10..,snorby?database=snorby&path=snorby&adapter=mysql&username=s&password=sno@&host=)

__ but my sql_mod do not have 'only_full_group_by',and i run the sql seem work good.

follow is my sql show:

run the sql:

mysql -usnort -p -Dsnorby -e'SELECT signature FROM event GROUP BY signature ORDER BY timestamp DESC LIMIT 5' Enter password: +-----------+ | signature | +-----------+ | 669 | | 668 | | 667 | | 666 | | 665 | +-----------+

mysql -usnort -p -Dsnorby -e'SELECT @@sql_mode,@@global.sql_mode,@@session.sql_mode' Enter password:

| @@sql_mode | @@global.sql_mode | @@session.sql_mode | ------------------+ | STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION | STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION | STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION | +---------------------------------------------------------------------------------------------------

think you.

XCM-jj commented 6 years ago

because of this error ,i can not receive snorby email(Event summary report、day report 、week report and etc)

XCM-jj commented 6 years ago

maybe the problem is do_mysql

XCM-jj commented 6 years ago

i edit the file:

vim snorby/lib/snorby

40 #sigs = Event.all(:limit => 5, :order => [:timestamp.desc], 41 # :fields => [:sig_id], 42 # :unique => true).map(&:signature).map(&:sig_id)

it work well.

amalp-dba commented 6 years ago

Hi KingJiJi ,

In which file we need to add below entries ? can you please explain.

40 #sigs = Event.all(:limit => 5, :order => [:timestamp.desc], 41 # :fields => [:sig_id], 42 # :unique => true).map(&:signature).map(&:sig_id)

Regards, amal-dba

rohitsharma888 commented 6 years ago

I am also facing same issue, can you please elaborate on the resolution?

XCM-jj commented 6 years ago

file:snorby/lib/snorby