[Snort-users] No Activity Occurring on ACID

Paul Schmehl pauls at ...6838...
Fri Jul 23 11:13:03 EDT 2004

--On Friday, July 23, 2004 11:42:05 AM -0400 "Kaplan, Andrew H." 
<AHKAPLAN at ...10063...> wrote:

> I restarted Snort and checked the messages file for the appropriate
> entries. It looks like everything associated with the
> program started up successfully with the exception of stream for having a
> problem with an argument that I gave it. Could
> you please advise on that? I'm including an excerpt of the messages file
> for your perusal.
According to the messages file, snort is starting successfully.  I also 
looked at the snort.conf stuff you sent, and that all looked OK.  I'm not 
sure what the problem might be.

> I did log successfully into Snort using the mysql -u "user" -p so there
> should not be a problem with the snort user having
> access to the database. I verified the username and password that appear
> in the snort.conf file match those that I used from
> the command line.
> The command syntax that I used with the -T option was snort -T -A -i eth0
> -c /etc/snort/snort.conf -v. It showed all plugin's
> loading successfully except for the min_ttl option for the stream4
> plugin. I'll check that out, but I would be surprised if
> that alone could be the root cause of the problem.
No, it wouldn't be.  That's just a WARNING.  If it said FATAL, snort would 
not run.

Do not use the "-A" switch.  That overrides your conf file, so that would 
prevent snort from logging to the database and force snort to only log to 
/var/log/snort/alert (if that's the default path for you).

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

More information about the Snort-users mailing list