[Snort-users] Snort for Windows, MySQL and ACID question

Joe Giles jgiles at ...6534...
Thu Aug 8 19:42:02 EDT 2002

I was having the same problem... One thing I did was make sure that the portscan.log gives the proper permissions...

Mine is set 644. I still don't see any port scan activity as far as the Bar Graph goes (BUG???) but if you select an IP address from anywhere, there is a PORTSCAN option that you can select to view the portscan.log file filtered for the IP address.

Hope this helps :)


> > I am running Snort, MySQL and ACID on a Windows 2000 Professional machine.
> > When I run a port scan, I do not see any port scan activity showing up in
> > ACID.  Any ideas on where to look to see why this is not happening?  I
> > assume that I am missing a rule somewhere, but I am not sure.  Thanks....
> rtff - read the f(ine) faq:
> http://www.snort.org/docs/faq.html
> stfa - search the f(ine) archives:
> http://marc.theaimsgroup.com/?l=snort-users
> google is your friend:
> http://www.google.com/search?q=snort%20nothing%20showing%20up%20in%20acid&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8
> snort helps them what helps themselves...
> <rant - not directed completely at you, shawn, but consider yourself
> within the blast radius...>
> fer cryin' out loud, what is it with people?  get 'em on the internet
> and they automatically lose 50 points of iq?!  seems that some of 'em
> can't spare it to begin with.
> google.  mailing list archives.  faqs.  how-tos.  documentation written
> by users.
> it's all out there -- use it.
> okay, stop me if this gets complicated.  on a mailing list you do
> something called lurking.  read for a week, just listen -- don't say
> anything.  get the feel of the people who write and the temperament of
> the list in general.  newbies can get help, but be prepared to get
> whacked for not doing your homework.  
> yes, i know i could have spent less time just answering the question,
> but this is like taking the time to write a script so next time you
> invest a lot less time.  yes, i know that this could be construed as
> rude, but consider that you've just committed the equivalent of butting
> into a card game and asking "are you playing cards?"
> if you are going to ask for help, send the relevant information.  here
> it is again.  
> - version of os (win2k, redhat 7.2, obsd 3.1-stable...)
> - version of snort (do a snort -V)
> - version of acid (look at the bottom of the page - if it isn't
> 0.9.6.b21, don't ask until you've installed it)
> - version of barnyard, if applicable (barnyard -V)
> - version of your database (mysql -V [getting to see a pattern here?])
> if you've read the faqs, read the how-tos, looked it up in google and
> the mailing list archives AND THEN you're unable to get your problem
> taken care of, THEN BY ALL MEANS ask for help.  prove to me that you
> aren't some lazy freakin' snot out to waste our time and energy and
> goodwill, and i'll stay around and help you.
> this isn't meant for just this list either.  this is for all of 'em.
> fly tying, tie-dying, hang-gliding, programming GLIDE, programming perl,
> perl on an OS, OS miscellaneous (criminey, you should see what they do
> to stupid users on obsd-misc...), bondage sites, mailservers lists,
> whatever.
> do your homework.  do for yourself.
> then ask.
> </rant>
> i'm going home, beers and chicken need drinking and barbecuing (in that
> order...)
>  - chris

Joe Giles
jgiles at ...6534...
AOL ID: mcigiles
