[Snort-users] No Activity Occurring on ACID

Kaplan, Andrew H. AHKAPLAN at ...10063...
Fri Jul 23 12:02:09 EDT 2004

Dropping the -A option did it. Information is appearing in ACID. Thanks for the

-----Original Message-----
From: Paul Schmehl [mailto:pauls at ...6838...]
Sent: Friday, July 23, 2004 2:13 PM
To: Kaplan, Andrew H.
Cc: Snort User Group (E-mail)
Subject: RE: [Snort-users] No Activity Occurring on ACID

--On Friday, July 23, 2004 11:42:05 AM -0400 "Kaplan, Andrew H." 
<AHKAPLAN at ...10063...> wrote:

> I restarted Snort and checked the messages file for the appropriate
> entries. It looks like everything associated with the
> program started up successfully with the exception of stream for having a
> problem with an argument that I gave it. Could
> you please advise on that? I'm including an excerpt of the messages file
> for your perusal.
According to the messages file, snort is starting successfully.  I also 
looked at the snort.conf stuff you sent, and that all looked OK.  I'm not 
sure what the problem might be.

> I did log successfully into Snort using the mysql -u "user" -p so there
> should not be a problem with the snort user having
> access to the database. I verified the username and password that appear
> in the snort.conf file match those that I used from
> the command line.
> The command syntax that I used with the -T option was snort -T -A -i eth0
> -c /etc/snort/snort.conf -v. It showed all plugins
> loading successfully except for the min_ttl option for the stream4
> plugin. I'll check that out, but I would be surprised if
> that alone could be the root cause of the problem.
No, it wouldn't be.  That's just a WARNING.  If it said FATAL, snort would 
not run.

Do not use the "-A" switch.  That overrides your conf file, so that would 
prevent snort from logging to the database and force snort to only log to 
/var/log/snort/alert (if that's the default path for you).

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
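
The conflict described in this thread (a `-A` switch on the command line bypassing the `output database` line in snort.conf) can be caught before starting Snort. The following is an added example, not part of the original messages; the function names, exit codes and sample config contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. check_snort_cmd takes the arguments of a snort command line.
# Exit codes (chosen for this example):
#   0 = no conflict
#   1 = -A is present and the -c config has an active "output database" line
#   2 = no readable config file was given with -c

conf_has_db_output() {
    # Match an uncommented "output database:" directive.
    grep -Eq '^[[:space:]]*output[[:space:]]+database[[:space:]]*:' "$1"
}

check_snort_cmd() {
    conf=""
    alert=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -c) if [ $# -ge 2 ]; then conf="$2"; shift; fi ;;
            -c?*) conf="${1#-c}" ;;
            -A|-A?*) alert=1 ;;
        esac
        shift
    done
    if [ -z "$conf" ] || [ ! -r "$conf" ]; then
        echo "cannot read config file given with -c" >&2
        return 2
    fi
    if [ "$alert" -eq 1 ] && conf_has_db_output "$conf"; then
        echo "-A given: alerts will bypass the database output in $conf" >&2
        return 1
    fi
    return 0
}

# Constructed sample config; user, password and dbname are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
# output database: alert, mysql, user=OLD dbname=OLD host=localhost
output database: log, mysql, user=USER password=PASSWORD dbname=snort host=localhost
EOF
}

sample=$(mktemp) && write_sample_conf "$sample"
# The command line from the thread, then the same line without -A.
check_snort_cmd -T -A -i eth0 -c "$sample" -v || echo "exit status: $?"
check_snort_cmd -T -i eth0 -c "$sample" -v && echo "no conflict"
rm -f "$sample"
```
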
