[Snort-users] question regarding snort, acid, mysql, and redhat 7.3

Bob Dixon bob.dixon at ...4371...
Sat Oct 26 17:57:02 EDT 2002


Hello all,

I'm trying to get snort working with mysql and acid. I think that I am
following the directions to set this up, but apparently I am missing
something (probably really simple). Snort works fine from a command
line. Also, apache is up. But when I go to what should be my ACID page
(http://10.0.0.2/acid/index.html), all I get is:

Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.

I get the same result going to http://10.0.0.2/acidviewer/index.html).
Any idea what might be wrong? I am trying to follow Steven Scott's
guide, but I am obviously missing something here.

Also, have 2 NIC's. Eth0 is 10.0.0.2 and eth1 is unnumbered. Snort seems
to try and run on eth0, but I think it should be running on eth1. Is
this correct? I am using the snortd script suggested by Steven in his
pdf, and I have configured "INTERFACE=eth1 " in the script. However,
/var/log/messages shows that snort is putting eth0 into promiscuous mode
each time I run "snortd start". Does this sound correct?

I have been trying to go over the details of this for several days to
see if I have missed something simple, but I can't find out what I am
doing wrong. If anyone here has any ideas, I would really appreciate it.

Thanks for your time,
-Bob

BTW- Here are the versions of software that I am running.

acid-0.9.6b22.tar.gz
adodb231.tgz
create_mysql
gd-2.0.4.tar.gz
MySQL-3.23.53a-1.i386.rpm
MySQL-client-3.23.53a-1.i386.rpm
MySQL-devel-3.23.53a-1.i386.rpm
MySQL-shared-3.23.53a-1.i386.rpm
Net_SSLeay.pm-1.20.tar.gz
perl-Net_SSLeay.pm-1.05-3.i386.rpm
php-4.1.2-7.3.4.i386.rpm
phplot-4.4.6.tar.gz
php-mysql-4.1.2-7.3.4.i386.rpm
snort-1.9.0.tar.gz
snortd
snortrules-stable.tar.gz
webmin-1.020-1.noarch.rpm






More information about the Snort-users mailing list