[Snort-users] RE: Cannot get Acid to report any activity
seeker at ...5932...
Thu Aug 26 17:04:05 EDT 2004
I am sorry I did not get back to you earlier but I am presently
unsubscribed on the Snort mailing list but I saw your message and I
think you forgot to uncomment the command that sends the data to ACID.
Edit the following file:
Find the following line in the conf file
output database: alert, mysql, .... (the setup is on page 15 of the
install.pdf guide) and remove the # sign at the beginning of the line.
Save the file and then to test that everything works and it is
connecting to the database, do the following:
./check_snort_eth1 and ./check_snort_eth0
This will confirm that Snort is connecting to MySQL correctly. Then,
I would suggest you review page 14 and 15 of the install.pdf file to
ensure all of the steps have been followed.

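The misconfiguration described in this reply, a commented-out `output database:` line, is easy to check mechanically. The script below is an added example and is not from the original poster or from the Shadow/Snort ISO; it parses the Snort 2.x `output database:` directive syntax (`output database: <alert|log>, <db type>, key=value ...`) and reports whether any such line is active. The two snort.conf excerpts embedded in it are constructed for the example, and the `report` function masks the `password=` parameter because that file holds the database credentials in clear text.

```python
import re
from typing import Dict, List

# Constructed snort.conf excerpts (not from the original post).
# The first is the case the reply describes: the line exists but is commented out.
SAMPLE_CONF_DISABLED = """\
# output database: log, mysql, user=snort password=test dbname=snort host=localhost
output alert_fast: alert.fast
include $RULE_PATH/local.rules
"""

SAMPLE_CONF_ENABLED = """\
output database: alert, mysql, user=snort password=test dbname=snort host=localhost
output alert_fast: alert.fast
"""

# Optional leading '#' (with any spacing) marks the directive as disabled.
OUTPUT_DB_RE = re.compile(r"^(?P<comment>#\s*)?output\s+database\s*:\s*(?P<args>.*)$")


def find_output_database(conf_text: str) -> List[Dict]:
    """Return one record per 'output database:' line: line number, enabled flag,
    facility (alert/log), database type and the key=value parameters."""
    results = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = OUTPUT_DB_RE.match(raw.strip())
        if not m:
            continue
        parts = [p.strip() for p in m.group("args").split(",")]
        params = {}
        if len(parts) > 2:
            for token in parts[2].split():
                if "=" in token:
                    key, value = token.split("=", 1)
                    params[key] = value
        results.append({
            "line": lineno,
            "enabled": m.group("comment") is None,
            "facility": parts[0] if parts else "",
            "db_type": parts[1] if len(parts) > 1 else "",
            "params": params,
        })
    return results


def database_output_enabled(conf_text: str) -> bool:
    """True if at least one 'output database:' line is not commented out."""
    return any(r["enabled"] for r in find_output_database(conf_text))


def report(conf_text: str) -> str:
    """Human-readable summary; the password value is never echoed."""
    records = find_output_database(conf_text)
    if not records:
        return "no 'output database:' line found at all"
    lines = []
    for r in records:
        shown = {k: ("***" if k == "password" else v) for k, v in r["params"].items()}
        state = "ACTIVE" if r["enabled"] else "COMMENTED OUT (remove the leading '#')"
        lines.append(f"line {r['line']}: {state} facility={r['facility']} "
                     f"type={r['db_type']} {shown}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Point this at the real file on the sensor, e.g. /usr/local/snort/etc/snort.conf
    # (path is an assumption; use whatever your install.pdf specifies).
    for name, text in (("disabled", SAMPLE_CONF_DISABLED), ("enabled", SAMPLE_CONF_ENABLED)):
        print(f"[{name}]\n{report(text)}\n")
```

Run it against the sensor's own snort.conf by reading the file into `report`; if it prints `COMMENTED OUT`, that is the line to fix before restarting Snort.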
I am feeling a bit dumb lately. I cannot see any activity through ACID.
I have configured Snort using Guy Bruneau's Shadow/Snort ISO. All seems
to be well, the sensor is saving alerts in the log files located at
/usr/local/snort/log/*. I can read them via less.
I would like to check to see if the logs are making it to mysql. How can
I query the database to verify that the logs are moving to mysql?
If I find the logs are getting to mysql, how do I check my connection
between acid and mysql?
Any ideas would be helpful.
I normally do NT admin, so I only have a poor man's knowledge of Linux.
So, what I am saying is... Don't be too vague with your answers... :-)
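To answer the question of how to check that alerts are actually reaching MySQL: the Snort 2.x database output plugin writes one row per sensor into the `sensor` table when it connects, and one row per alert into `event` (with the rule name looked up through `signature`). Querying those three tables tells the two cases apart: no `sensor` row means Snort never connected to the database; a `sensor` row with zero `event` rows means it connected but the output plugin is not receiving alerts. The code below is an added example, not from the original poster or from the ISO: it builds an in-memory SQLite copy of the three tables (column names follow Snort's `create_mysql` script, reduced to the columns the queries use, which is an assumption about what is needed) and fills it with constructed rows so it runs offline. The SQL strings are plain enough to paste unchanged into the `mysql` client against the real `snort` database.

```python
import sqlite3
from typing import Dict, List, Tuple

# Reduced copy of the Snort 2.x schema (sensor, event, signature); column names
# follow the create_mysql script, column sets are trimmed to what the queries use.
SCHEMA = """
CREATE TABLE sensor (
    sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT, last_cid INTEGER NOT NULL);
CREATE TABLE signature (
    sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL, sig_priority INTEGER, sig_sid INTEGER);
CREATE TABLE event (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL, signature INTEGER NOT NULL,
    timestamp TEXT NOT NULL, PRIMARY KEY (sid, cid));
"""

# Constructed sample data: eth0 has written three alerts, eth1 registered but wrote none.
SAMPLE_SENSORS = [(1, "sensor1", "eth0", 3), (2, "sensor1", "eth1", 0)]
SAMPLE_SIGNATURES = [(1, "ICMP PING", 3, 384), (2, "SNMP request udp", 2, 1417)]
SAMPLE_EVENTS = [
    (1, 1, 1, "2004-08-26 16:00:01"),
    (1, 2, 1, "2004-08-26 16:00:05"),
    (1, 3, 2, "2004-08-26 16:01:10"),
]

# Per-sensor view: LEFT JOIN keeps sensors that have no events, so an idle
# interface shows up with events=0 instead of disappearing from the result.
PER_SENSOR_SQL = """
SELECT s.sid, s.hostname, s.interface, s.last_cid,
       COUNT(e.cid) AS events, MAX(e.timestamp) AS newest
FROM sensor s LEFT JOIN event e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface, s.last_cid
ORDER BY s.sid
"""

# Which rules are firing: the same thing ACID shows on its front page.
TOP_SIGNATURES_SQL = """
SELECT g.sig_name, COUNT(*) AS hits
FROM event e JOIN signature g ON g.sig_id = e.signature
GROUP BY g.sig_name
ORDER BY hits DESC, g.sig_name
"""


def open_sample_db() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL 'snort' database, loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sensor VALUES (?, ?, ?, ?)", SAMPLE_SENSORS)
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?, ?)", SAMPLE_SIGNATURES)
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", SAMPLE_EVENTS)
    conn.commit()
    return conn


def per_sensor_status(conn: sqlite3.Connection) -> List[Dict]:
    rows = conn.execute(PER_SENSOR_SQL).fetchall()
    return [{"sid": sid, "hostname": host, "interface": iface, "last_cid": last_cid,
             "events": events, "newest": newest}
            for sid, host, iface, last_cid, events, newest in rows]


def idle_sensors(conn: sqlite3.Connection) -> List[str]:
    """Interfaces that registered a sensor row but have never written an event."""
    return [r["interface"] for r in per_sensor_status(conn) if r["events"] == 0]


def top_signatures(conn: sqlite3.Connection) -> List[Tuple[str, int]]:
    return conn.execute(TOP_SIGNATURES_SQL).fetchall()


if __name__ == "__main__":
    db = open_sample_db()
    if not per_sensor_status(db):
        print("sensor table is empty: Snort has never connected to this database")
    for r in per_sensor_status(db):
        print(f"sid={r['sid']} {r['hostname']}/{r['interface']} events={r['events']} "
              f"last_cid={r['last_cid']} newest={r['newest']}")
    print("idle sensors:", idle_sensors(db))
    print("top signatures:", top_signatures(db))
```

Against the live system, open the database with `mysql -u snort -p snort` (user and database name as configured in your `output database:` line) and run `PER_SENSOR_SQL` and `TOP_SIGNATURES_SQL` as written; a growing `events` count and a `newest` timestamp that advances as new alerts appear in `/usr/local/snort/log/` confirms the Snort side. If those numbers grow but ACID still shows nothing, the remaining suspect is ACID's own database settings, which are configured separately from snort.conf.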