[Snort-users] acid empty but mysql working

Adam Denenberg straightflush at ...11827...
Wed Jul 7 13:06:02 EDT 2004


Hello,
 
 I have a 2-tier snort setup with snort and barnyard running on one
box, and mysql/acid running on another.

 I have snort configured with the following options:


snort.conf:

output log_unified: filename snort.unified.log, limit 256


and barnyard.conf configured as follows:

config hostname: localhost
config interface: eth1
output alert_acid_db: mysql, sensor_id 1, database snort, server ids2.ops.domain.com , user snort, password snort
output log_acid_db: mysql, sensor_id 1, database snort, server ids2.domain.pirtgroup.com , user snort, password snort , detail full

I run snort like:

/usr/local/bin/snort -c /etc/snort/snort.conf -l /usr/local/snortlogs/ -i eth1 -u snort -g snort -D

and barnyard like:

/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -d /usr/local/snortlogs/ -f snort.unified.log -g /etc/snort/rules/gen-msg.map -s /etc/snort/rules/sid-msg.map -w /usr/local/snortlogs/barnyard.waldo

Data appears in the db in almost all tables but _NOTHING_ is showing
up in ACID.  Also the sensor table is empty, and the acid_* tables are
empty; isn't that supposed to be populated by barnyard?

 Anybody know why ACID won't view all the data that exists in my DB?

thanks
adam



