[Snort-users] acid empty but mysql working

Adam Denenberg straightflush at ...11827...
Wed Jul 7 13:06:02 EDT 2004

 i have a 2-tier snort set up with snort and barnyard running on one
box, and mysql/acid running on another.

 i have snort configured with the following options:


output log_unified: filename snort.unified.log, limit 256

and barnyard.conf configured as follows:

config hostname: localhost
config interface: eth1
output alert_acid_db: mysql, sensor_id 1, database snort, server
ids2.ops.domain.com , user snort, password snort
output log_acid_db: mysql, sensor_id 1, database snort, server
ids2.domain.pirtgroup.com , user snort, password snort , detail full

i run snort like:

/usr/local/bin/snort -c /etc/snort/snort.conf -l /usr/local/snortlogs/
-i eth1 -u snort -g snort -D

and barnyard like:

/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -d
/usr/local/snortlogs/ -f snort.unified.log -g
/etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map -w

data appears in the db in almost all tables but _NOTHING_ is showing
up in ACID.  Also the sensor table is empty, and the acid_* tables are
empty, isnt that supposed to be populated by barnyard?

 anybody know why acid wont view all the data that exists in my DB?


More information about the Snort-users mailing list