[Snort-users] New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0

Allyn Baskerville allynb at ...9465...
Sat Jun 14 09:31:10 EDT 2003


Thanks Michael for the help. The 9th rule appears to be bad, which kept the
database from being loaded. I'm not really sure how this is to work, but
even after I removed the bad rule and selected "push and reload" from the
SnortCenter "Sensor Console", ACID still showed no active sensors. However,
after I stopped and started the sensors from the "Sensor Console", ACID now
sees both sensors and is logging alerts. Thanks again. Allyn


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Michael
Steele
Sent: Saturday, June 14, 2003 1:20 AM
To: allynb at ...9465...; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] New Installation - Problem with No Alerts
with Snort, MySQL, SnortCenter and ACID on Redhat 9.0


Is snort even seeing any traffic? 'snort -i<interface> -v'

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician
 mailto:michaels at ...9077...
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Allyn
Baskerville
Sent: Friday, June 13, 2003 10:13 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] New Installation - Problem with No Alerts with Snort,
MySQL, SnortCenter and ACID on Redhat 9.0

I finally got the Snort Enterprise Implementation (by Steven Scott)
completed. I have some slightly different files than the manual as only
newer ones were available for downloading. Additionally, all components of
the IDS are installed on a single machine with 3 NICs. Two do not have an IP
address bound to the adapters, and the 3rd is the one with the private IP. I
can't find a single error in any of the logs, all web pages open and
function as expected, and the sensors, SnortCenter, ACID, and MySQL are
running. I verified that I had port mirroring set up on the switches, but
just in case I put the external sensor on a hub. I've selected all
parameters possible on the sensors, and I've also performed scans. I simply
cannot get an alert to show up on ACID, and when I look at the database the
count equals 0. For grins, I also enabled Snort on the NIC with an IP
address and scanned it. It also didn't turn up any alerts.

Thanks for any assistance. Allyn



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




