[Snort-users] acid empty but mysql working
straightflush at ...11827...
Wed Jul 7 13:06:02 EDT 2004
i have a 2-tier snort set up with snort and barnyard running on one
box, and mysql/acid running on another.
i have snort configured with the following options:
output log_unified: filename snort.unified.log, limit 256
and barnyard.conf configured as follows:
config hostname: localhost
config interface: eth1
output alert_acid_db: mysql, sensor_id 1, database snort, server
ids2.ops.domain.com , user snort, password snort
output log_acid_db: mysql, sensor_id 1, database snort, server
ids2.domain.pirtgroup.com , user snort, password snort , detail full
i run snort like:
/usr/local/bin/snort -c /etc/snort/snort.conf -l /usr/local/snortlogs/
-i eth1 -u snort -g snort -D
and barnyard like:
/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -d
/usr/local/snortlogs/ -f snort.unified.log -g
/etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map -w
data appears in the db in almost all tables but _NOTHING_ is showing
up in ACID. Also the sensor table is empty, and the acid_* tables are
empty, isnt that supposed to be populated by barnyard?
anybody know why acid wont view all the data that exists in my DB?
More information about the Snort-users