[Snort-users] No alert detection on alert console

Truax, Shawn (MBS) Shawn.Truax at ...8509...
Wed May 12 02:01:06 EDT 2004


First thing I would recommend is to make sure there is traffic reaching your
sniffing port.  Run TCPDUMP on this interface to make sure there is traffic
for Snort to work on.  Next run Snort and have it display the alerts to the
screen so you can see if it is actually alerting.  (Check the manual for the
settings required to do this.)  If Snort is generating alerts check to see
if you have all your database info setup properly with passwords and
privileges.  If your database is setup properly, run TCPDUMP on the database
listener interface to see if your Snort Sensor is trying to connect to it.
Check these things first and correct any problems.  If this is all working
and you are still having issues post up your config files for a look see.

Whenever there is a problem you should always start at the beginning where a
packet arrives and work your way logically through the system at each stage
to see if the information is getting passed on.

Shawn Truax
Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7

-----Original Message-----
From: Naveen C Joshi [mailto:naveen_joshi at ...11009...]
Sent: May 12, 2004 3:32 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] No alert detection on alert console

Hi All :

I have installed Snort-2.1 and ACID-0.9.6 on my REDHAT 9.0 by using the
document "snort_enterprise.pdf" written by Steven J. Scott.

I have gone through as per steps mentioned on the document and everything is
working fine, but at my "alert console" there is no traffic/alert detection.
Even the TCP, UDP & ICMP traffic is also 0%.

I have explored on the database there is no event on the event tables and 1
sensor created on the sensor table.
I have installed one another snortcenter agent on other machine and
configured the sensor for it in management console. This sensor is also not
in my sensor table.

My sensor & snort daemon are running properly. The snort database user have
enough permission on the db.

Please suggest me how can I resolve this problem.

Best Regards


This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040512/473a4a42/attachment.html>

More information about the Snort-users mailing list