[Snort-users] Snort, php, MySQL and acid showing no activity

Erek Adams erek at ...577...
Fri Aug 23 14:26:02 EDT 2002


On Fri, 23 Aug 2002, Joshua Rogers wrote:

[...snip...]

> >*  Verify that snort is working.  'snort -vade' should show traffic on your
> network.
> It works and shows traffic on the network. I copied some output above.

Good.  One less thing to worry about.  :)

> >*  Check your snort.conf.  Check HOME_NET and EXTERNAL_NET, to be sure
> >they are set for the correct ranges.
> I have the HOME_NET set for each class c;
> var HOME_NET
> [63.229.251.0/24,65.101.195.0/24,65.103.101.0/24,65.125.152.0/23]
> but my EXTERNAL_NET is set like this:
> var EXTERNAL_NET $HOME_NET
> Should external net say 'any'?

Well...  It depends.  I tend to define EXTERNAL_NET as "!$HOME_NET" since
that's what I'm interested in.

If you want to see possible attacks 'coming and going' then change it to
"any".

>
> >*  If the MySQL host and snort host are different, make sure you can
> >connect from one to the other.
> The MySQL host and snort are on the same machine.

Ok.  Should work fine.

Time for a 'silly' question:  You are using the db output plugin?  Does snort
give you any errors when you start it?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list