[Snort-users] Beginner Help...

cc cc at ...9707...
Thu Jul 31 18:40:03 EDT 2003


Stevo wrote:

> I have 2 interfaces in my Snort box, one for management and one for
> sniffing.  The sniffer interface is connected to a switch (Cat4006)
> and I'm spanning our uplink port to the sniffer interface.  I know
> that's working because if I do a tcpdump -i eth1 (the sniffer
> interface) I see ALL the traffic from our network...
> 
> Snort is running and supposedly logging to my mysql db - should I
> see the number of records increasing in a certain table to make sure

Have you tested out whether or not snort is indeed sending info
to your MySQL db?  ACID only reports what it sees and if there's
no data, it can't show you anything.

> the data is in fact being logged there successfully??  I've been

There are some ways of doing this.  Basically go to both your
snort boxes and try the mysql command using the username and password
and host and see if you can connect to the db.  If so, then it
works.  Otherwise you might have some problems with the setup.

HTH

-- 
email: cc at ...9707...  | "A man who knows not where he goes,
                         |  knows not when he arrives."
                         |                - Anon


** All information contained in this email is strictly     **
** confidential and may be used by the intended recipient  **
** only.                                                   **
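
Added example, not part of the original message and not the Snort project's own code: one way to run the connectivity test suggested in the reply and to answer the question about record counts, by sampling the row count of the event table twice. The database name "snort", the client option file holding the credentials, and the stock schema's event table are assumptions; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that Snort's database output is reaching MySQL
# by sampling the row count of the `event` table twice.
# Assumed (not from the thread): database name "snort", credentials in a
# client option file, and the stock Snort schema with an `event` table.

: "${MYSQL:=mysql}"                 # client binary (overridable for testing)
: "${MYSQL_CNF:=$HOME/.my.cnf}"     # holds user/password, keeps them out of `ps`
: "${DB_HOST:=localhost}"
: "${DB_NAME:=snort}"

# Print the number of rows in `event`; non-zero exit if the connection
# or the query fails (wrong host, user, password, grants, or schema).
event_count() {
    $MYSQL --defaults-extra-file="$MYSQL_CNF" -N -B \
        -h "$DB_HOST" "$DB_NAME" -e 'SELECT COUNT(*) FROM event;'
}

is_number() {
    case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Returns 0 if the count grew, 1 if it did not, 2 if the DB is unreachable.
check_snort_logging() {
    interval=${1:-30}
    first=$(event_count) && is_number "$first" || {
        echo "cannot query $DB_NAME.event on $DB_HOST" >&2; return 2; }
    sleep "$interval"
    second=$(event_count) && is_number "$second" || {
        echo "cannot query $DB_NAME.event on $DB_HOST" >&2; return 2; }
    if [ "$second" -gt "$first" ]; then
        echo "events increasing: $first -> $second"
        return 0
    fi
    # A flat count only means no rule fired in the interval; it does not
    # by itself prove that logging is broken.
    echo "no new events in ${interval}s (count still $first)"
    return 1
}

# Run the check only when invoked as: script.sh --run [seconds]
if [ "${1:-}" = "--run" ]; then
    check_snort_logging "${2:-30}"
fi
```

Run it from the Snort sensor itself, so that the same host, account and grants that Snort uses are the ones being tested.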


