[Snort-users] Can ACID console and snort sensor run on same box?

Gordon Cunningham gcunnin2 at ...163...
Wed Jan 22 09:23:04 EST 2003


Thanks Chris, and the others who've answered me here.  I find that it is
working this morning, but wasn't last night.  Perhaps there was something
that was date sensitive or needed to be "touched".  


- Gordon

		 -----Original Message-----
		From: 	Chris N [mailto:chris.northrop at ...406...] 
		Sent:	Wednesday, January 22, 2003 2:04 PM
		To:	snort-users-admin at lists.sourceforge.net
		Cc:	gcunnin2 at ...163...
		Subject:	RE: [Snort-users] Can ACID console and snort
sensor run on same box?

		Hello Gordon,

		Make sure you have the mysql client installed on the sensor.

		./configure --without-server --without-docs --without-bench
--without-debug

		Do a command line check from the client..
		mysql -u user -p -h hostname

		Make sure you have mysql output configured
		output database: alert, mysql, user=user password=password
dbname=snort sensor_name=hostile1 detail=full host=hostname encoding=ascii

		Start up snort without "-D" and check for errors.

		check net connection to Database
		netstat -an |grep EST

		Good Luck
		Chris


			 -----Original Message-----
			From: 	snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] 
			Sent:	Tuesday, January 21, 2003 5:24 PM
			To:	snort-users at lists.sourceforge.net
			Subject:	[Snort-users] Can ACID console and
snort sensor run on same box?

			I'm still learning the ropes when it comes to
putting distributed sensors and consoles together.  Is it possible to run
ACID console with MySQL on the same box as a sensor and have the sensor
report into the database?  If so, I'm not seeing it work here and don't know
where to look next.  I followed the RH 7.3, ACID, etc. doc posted on the
snort docs page, but of course there were some differences...  ACID reports
0 sensors, alerts have been logged to the "alert' log file but I don't see
them in the database.  The sensor appears to be in there properly, though.

			Thanks.

			- Gordon
			
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 4808 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030122/65c5d210/attachment.bin>


More information about the Snort-users mailing list