[Snort-users] Several Questions About Snort Operation

jon baer security at ...9153...
Thu Sep 18 14:32:36 EDT 2003

what does your snort.conf file look like? @ along the bottom somewhere u
should have the output processor set to log to mysql (output database:
alert,mysql, [credentials])

also make sure that interface eth0 is put into promiscious mode (ifconfig
eth0 promisc)

- jon

----- Original Message -----
From: "Kaplan, Andrew H." <AHKAPLAN at ...10063...>
To: <snort-users at lists.sourceforge.net>
Sent: Thursday, September 18, 2003 4:39 PM
Subject: [Snort-users] Several Questions About Snort Operation

> Hi there,
> I got Snort installed onto my system and when I run the binary from the
> prompt it appears that Snort is running. The syntax that I used is:
> ./snort -A full -i eth0 -c /etc/snort/snort.conf -v
> There are some things that I am not sure about:
> 1. I have the ACID program up and running but I am not getting
> information to display on the screen.
> 2. When I checked the snort_db database under MySQL there was no data.
> This probably explains the situation on item 1.
> 3. What, if anything, do I need to load on remote machines in order for
> the Snort server to be able to check things out on them?
> Essentially it appears Snort does run on my system, but there is no data
> generated within the database and consequently nothing is appearing
> on the ACID console.
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list