[Snort-users] Snort running but no alert show in ACID

michela.gandolfo_external at ...11607...
Thu Apr 8 06:23:24 EDT 2004


Hello,
I'm running snort on Red Hat 9 with a mysql db and ACID.
Everything was working fine, but at a certain point, I don't know the reason, alerts stopped being logged to the db and, obviously, being displayed through ACID.

I tried to see if packets were arriving at the nic using tcpdump, and it works.
Now the strange thing: if I run snort (as a daemon) and tcpdump (from the command line) simultaneously on the same interface, alerts are logged again in the db and displayed through ACID.

I thought that somehow the nic is not put in promiscuous mode when snort starts, so I tried to set it manually (ifconfig eth01 promisc), but alerts are still not displayed without tcpdump running.

Does anyone have a suggestion for me?

Thanks for your help
Best Regards
Michela Gandolfo
