[Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL

roman at ...438... roman at ...438...
Mon Apr 9 12:32:54 EDT 2001


There is indeed a verbose mode in ACID.  Set $debug_mode=1
in acid_conf.php.  However, I doubt this will help you much if 
Snort is not logging to the database correctly.  Try the following
SQL from the mysql client:

mysql> SELECT count(*) FROM event;

If the count is 0, it is a safe bet that Snort is misconfigured.  As
a side note, are you seeing these alerts in syslog or a flat file?

Roman

> i've tryed -Dc.. 
> 
> I still dont think it logs anything...
> 
> is there any verbose mode for acid? i can see what's goin on?
> 
> 
> ----- Original Message ----- 
> From: "shawn . moyer" <shawn at ...1184...>
> To: "alexus" <ml at ...1718...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Monday, April 09, 2001 10:45 AM
> Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
> 
> 
> > alexus wrote:
> >  
> > > snort -Dsc snort.conf
> > 
> > < snort -Dsc snort.conf
> > > snort -Dc snort.conf
> > 
> > The -s tells it to log to syslog instead of what you specify in
> > snort.conf.
> > 
> > You know when you start it and you get the message that says "Command
> > line options override plugin(s)!"? That's why.
> > 
> > 
> > 
> > p.s. CAPS = SHOUTING
> > 
> > --shawn
> > 
> > -- 
> > 
> > s h a w n   m o y e r
> > shawn at ...1184...
> > 
> > "Nuclear war would really set back cable."
> >                      -- Ted Turner
> > 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list