[Snort-users] Snort, php, MySQL and acid showing no activity

Joshua Rogers josh at ...6676...
Fri Aug 23 11:51:03 EDT 2002


Ok, I ran 'nmap -v -sS -O <server ip>' on the snort machine and on another
server. Both tests did not show up in the acid console and nothing in the
MySQL db. There is also nothing showing up in the portscan log file. I am
guessing I missed something in the setup.

Thanks,
Joshua Rogers
Webmaster
InterPlanetary Web Services
303-940-2597
IBO# 60092

----- Original Message -----
From: "Demetri Mouratis" <dmourati at ...3877...>
To: "Randy Bey" <Randy.Bey at ...6683...>
Cc: <Snort-users at lists.sourceforge.net>
Sent: Friday, August 23, 2002 11:33 AM
Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no activity


> Nmap is easier and faster in that it doesn't require client/server
> setup:
>
> http://www.insecure.org
>
> HTH
> On Fri, 23 Aug 2002, Randy Bey wrote:
>
> > Oh yes, you need to do something to trigger a rule. I usually just run a
> > quick Nessus(tm) scan; that does it for me.
> >
> > If there are faster, easier ways to trip a rule, please someone let me
> > know.
> >
> > Randy Bey
> > RiverNorth Systems
> > 7300 W 147th St Suite 300
> > Apple Valley, MN 55124
> > http://www.rivernorthsys.com
> >
> >
> > -----Original Message-----
> > From: Joshua Rogers [mailto:josh at ...6676...]
> > Sent: Friday, August 23, 2002 10:24 AM
> > To: Snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no activity
> >
> > I just tried: /usr/local/bin/snort -c /etc/snort/snort.conf -D from the
> > command line. It created an additional sensor, but still no activity in the
> > db. Do I need to create any alerts? It seems that I cannot create a useful
> > alert until I have a traffic pattern to base it on. Am I correct in this
> > assumption?
> >
> > Thanks,
> > Joshua Rogers
> > Webmaster
> > InterPlanetary Web Services
> > 303-940-2597
> > IBO# 60092
> > ----- Original Message -----
> > From: "Randy Bey" <Randy.Bey at ...6683...>
> > To: "Joshua Rogers" <josh at ...6676...>; <Snort-users at lists.sourceforge.net>
> > Sent: Friday, August 23, 2002 9:31 AM
> > Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no activity
> >
> >
> > Have you made sure you aren't using any -A switches on your snort
> > command line? It should be as simple as:
> > /usr/local/bin/snort -c /etc/snort/snort.conf -D
> >
> >
> > Randy Bey
> > RiverNorth Systems
> > 7300 W 147th St Suite 300
> > Apple Valley, MN 55124
> > http://www.rivernorthsys.com
> >
> >
> > -----Original Message-----
> > From: Joshua Rogers [mailto:josh at ...6676...]
> > Sent: Thursday, August 22, 2002 4:28 PM
> > To: Snort-users at lists.sourceforge.net
> > Subject: [Snort-users] Snort, php, MySQL and acid showing no activity
> >
> > Hi,
> > I do not know what information will be helpful in showing me how to track
> > down a problem on my system, but here goes. I am running:
> > Red Hat Linux 7.3 with the latest updates
> > PHP 4.2.1, register globals=on
> > Apache 1.3.26
> > MySQL 3.23.39
> > GD 1.6.2
> > The latest acid
> > BCMath
> >
> > I followed the great doc on setting up snort-rh7-mysql, from the snort
> > website. I had to make a few changes since I am running 7.3 and did not have
> > all of the drive space shown in the doc. Somewhere along the line I think I
> > missed something. Snort and MySQL seem to be running, the acid interface
> > comes up fine with no errors but there is no data that shows up in the
> > database or in the acid interface.
> > What information would you need to help point me in the right direction to
> > get snort recording data?
> >
> > Thanks,
> > Joshua Rogers
> > Webmaster
> > InterPlanetary Web Services
> > 303-940-2597
> > IBO# 60092
> >
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by: OSDN - Tired of that same old
> > cell phone?  Get a new here for FREE!
> > https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
>
> ---------------------------------------------------------------------
> Demetri Mouratis
> dmourati at ...3878...
>
>
>