[Snort-users] acid empty but mysql working

Dirk Geschke dirk at ...10648...
Wed Jul 7 13:39:01 EDT 2004


Hi Adam,

> and barnyard.conf configured as follows:
> 
> config hostname: localhost
> config interface: eth1
> output alert_acid_db: mysql, sensor_id 1, database snort, server
> ids2.ops.domain.com , user snort, password snort
> output log_acid_db: mysql, sensor_id 1, database snort, server
> ids2.domain.pirtgroup.com , user snort, password snort , detail full

[...]

> data appears in the db in almost all tables but _NOTHING_ is showing
> up in ACID.  Also the sensor table is empty, and the acid_* tables are
> empty, isn't that supposed to be populated by barnyard?
> 
> Anybody know why ACID won't view all the data that exists in my DB?

I guess the problem results from the missing sensor table entry.

If you specify a sensor_id greater than zero in output alert_acid_db,
then barnyard will use this id without checking whether it exists.

So first either remove this part or set: sensor_id 0

BTW: A hostname of localhost is a bad sensor name...

Best regards

Dirk
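
The condition described in the reply above (events stored under a sensor_id that has no row in the sensor table) can be checked with one query. This is an added example, not part of the original message and not barnyard or ACID code; it runs against an in-memory SQLite database holding a constructed, simplified subset of the Snort schema (tables sensor and event, joined on sid), and the function names are hypothetical.

```python
import sqlite3

# Assumption: simplified subset of the Snort database schema, reduced to the
# columns this check needs. The real tables carry more columns.
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE event  (sid INTEGER NOT NULL, cid INTEGER NOT NULL,
                     signature INTEGER, timestamp TEXT,
                     PRIMARY KEY (sid, cid));
"""

# Events whose sensor id (sid) has no matching row in the sensor table.
ORPHAN_QUERY = """
SELECT e.sid, COUNT(*) AS events
FROM event AS e
LEFT JOIN sensor AS s ON s.sid = e.sid
WHERE s.sid IS NULL
GROUP BY e.sid
ORDER BY e.sid
"""

def orphaned_sensor_ids(conn):
    """Return [(sid, event_count)] for events that reference no sensor row."""
    return [(row[0], row[1]) for row in conn.execute(ORPHAN_QUERY)]

def build_demo_db(with_sensor_row):
    """Constructed sample data: three events written with a fixed sensor id 1."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO event VALUES (?, ?, ?, ?)",
        [(1, 1, 10, "2004-07-07 10:00:00"),
         (1, 2, 10, "2004-07-07 10:00:05"),
         (1, 3, 11, "2004-07-07 10:01:00")],
    )
    if with_sensor_row:
        # Constructed sensor entry; hostname and interface are sample values.
        conn.execute("INSERT INTO sensor VALUES (1, 'sensor-a', 'eth1')")
    return conn

if __name__ == "__main__":
    for present in (False, True):
        orphans = orphaned_sensor_ids(build_demo_db(present))
        print("sensor row present:", present, "-> orphaned sids:", orphans)
```

The SELECT uses only standard SQL, so it can be pasted into a mysql client session against the snort database as well.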



