[Snort-users] ACID -- no alerts being detected but....

vicky Mair vickyr at ...8034...
Tue Jan 21 23:13:03 EST 2003


hi there,


for some reason which i can't seem to nail down, ACID console is not able to
display alerts even though "/etc/snort/alert" is being generated with valid
data through some tests (nmap, pings...etc) that i performed.

my snort process (ps) shows:
/usr/sbin/snort -A fast -b -l /var/log/snort -d -D -i eth0 -c /etc


snort.conf has database statement as follows:
output database: alert, mysql, user=root dbname=snort host=192.168.2.102


when i bring up my ACID via the following url i login as user "admin"

http://localhost/acid/acid_main.php

shows database: snort at ...8054...
time window: no alert detected

traffic profile by protocol shows all zeros.

btw, i followed steven scott's manual at
http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf which ....see page 20
for more info.

please let me know if you need any further information.....any insight will
be appreciated.


tia,
/vicky






