[Snort-users] loggin issue

roman at ...438...
Thu May 10 15:35:26 EDT 2001


Is it logging anywhere else (e.g. to a file)? What does your
command line look like? Does it have a "-A"? If so, remove it.

Roman

> I don't get it....
> 
> I have Snort 1.7 on OpenBSD
> 
> it's telling me it's seeing Packets, it's sending alerts, but I see no data
> in mysql....
> 
> 
> ===============================================================================
> Snort received 5065 packets and dropped 0(0.000%) packets
> 
> Breakdown by protocol:                Action Stats:
>     TCP: 5048       (99.664%)         ALERTS: 7
>     UDP: 0          (0.000%)          LOGGED: 7
>    ICMP: 12         (0.237%)          PASSED: 0
>     ARP: 0          (0.000%)
>    IPv6: 0          (0.000%)
>     IPX: 0          (0.000%)
>   OTHER: 0          (0.000%)
> DISCARD: 0          (0.000%)
> =======================================
> 
> connect info
> 
> Initializing rule chains...
> database: compiled support for ( mysql )
> database: configured to use mysql
> database:          user = ids
> database: password is set
> database: database name = snortdb
> database:          host = 192.168.69.5
> database:   sensor name = 192.168.69.12
> database:     sensor id = 2
> database: using the "log" facility
> 796 Snort rules read...
> 796 Option Chains linked into 114 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> 
> I am using ACID to look at the SnortDB
> I can see it's registered in the database as a sensor...
> 
> I just see no data from it
> 
> 
> 
> L8rZ,
> 
>   )\_/(
>  < o,0 >
>     ~
>    \ /
> 
> KoAps
> 
> 
> 
> 
> 


