[Snort-users] Arrrghhh!!...help..me...

Erek Adams erek at ...950...
Thu May 29 07:03:09 EDT 2003

On Wed, 28 May 2003, Tim wrote:

> Frustration has set in and the answer is problably under my nose and
> can't see it. I really need for someone to please point it out for me.
> I'm not new to snort or configuring ACID, MySQL with its accompanying
> programs in order to help view alerts in ACID.....ie., gd, php,
> phplot..etc. JPgraph is new and I haven't had a chance to play with
> it...yet..
> First, I'm running RH 7.3 completely updated through the RHN on two
> machines...hardware is exactly the same on both machines....plenty of
> processing power and memory......500mhz/256 MB and a 9GB IDE drive.
> Plenty for my little home-network-lab. The firewall is Iptables latest
> version on a separate machine with the same (3 NICs) hardware, totally
> setup and functional.
> On the snort (Version 2.0) machine I have 4 NICs one for management and
> the other three for the sensors.


> This should be enough for me to be able to start snort and log alerts to
> the database and view them with ACID or at least I thought so. It seems
> that the sensors are being inserted to the mysql database, however they
> are not viewable through ACID and snort is not logging alerts to the
> database.....even though it does capture packets and they viewable real
> time through the output on screen...no error messages from anywhere that
> I have been able to see so far ("tail -100 /var/log/messages"). I know,
> I know, switch from log to alert in the output database line, but I have
> done that to no avail. Snort fires up correctly and the fact that the
> sensors are being inserted into the database shows me that their is
> connectivity with the MySQL snort database...I'm at a lost. Any help
> will be gratefully appreciated. I have re-installed the system twice now
> and on the brink of sheer frustration ... The funny thing is that I have
> installed the Snort/ACID IDS system prior to snort 2.0 with not much
> trouble on numerous occassions.

Ok, so check your DB.  Log in to MySQL and do a 'select * from sid' and
see what you get.  If you get anything, then Snort is sending the data to
the DB.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list