[Snort-users] Snort, php, MySQL and acid showing no activity

Joshua Rogers josh at ...6676...
Fri Aug 23 14:43:03 EDT 2002


> Time for a 'silly' question:  You are using the db output plugin?  Does
snort
> give you any errors when you start it?
This is the output db line I am using in my snort.conf:
'output database: log, mysql, user=snort password=****** dbname=snort
host=localhost detail=full'
If I read this right, snort first sends the info to the log, then to mysql.
But I have no entries in my log files either.
Snort does not give me any errors when I start it. It just plugs along
happily and shows up after I have started it in the 'ps uxaww' list.

Joshua Rogers
Webmaster
InterPlanetary Web Services
303-940-2597
IBO# 60092
----- Original Message -----
From: "Erek Adams" <erek at ...577...>
To: "Joshua Rogers" <josh at ...6676...>
Cc: <Snort-users at lists.sourceforge.net>
Sent: Friday, August 23, 2002 3:25 PM
Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no activity


> On Fri, 23 Aug 2002, Joshua Rogers wrote:
>
> [...snip...]
>
> > >*  Verify that snort is working.  'snort -vade' should show traffic on
your
> > network.
> > It works and shows traffic on the network. I copied some output above.
>
> Good.  One less thing to worry about.  :)
>
> > >*  Check your snort.conf.  Check HOME_NET and EXTERNAL_NET, to be sure
> > >they are set for the correct ranges.
> > I have the HOME_NET set for each class c;
> > var HOME_NET
> > [63.229.251.0/24,65.101.195.0/24,65.103.101.0/24,65.125.152.0/23]
> > but my EXTERNAL_NET is set like this:
> > var EXTERNAL_NET $HOME_NET
> > Should external net say 'any'?
>
> Well...  It depends.  I tend to define EXTERNAL_NET as "!$HOME_NET" since
> that's what I'm interested in.
>
> If you want to see possible attacks 'coming and going' then change it to
> "any".
>
> >
> > >*  If the MySQL host and snort host are different, make sure you can
> > >connect from one to the other.
> > The MySQL host and snort are on the same machine.
>
> Ok.  Should work fine.
>
> Time for a 'silly' question:  You are using the db output plugin?  Does
snort
> give you any errors when you start it?
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
>
>
>





More information about the Snort-users mailing list