[Snort-users] Snort is running, but doesn't fill IDS/ACID with alerts
as at ...11814...
Mon May 17 07:22:09 EDT 2004
We have snort installed on 2 Firewall boxes (FreeBSD 5.2); alerts are stored in an IDS box (MySQL) and retrieved through ACID. The system worked fine until ACID stopped showing new alerts. The MySQL database has had no new alerts for days. MySQL is running, snort on both Firewall machines is running, ssh tunnels are open. The command 'snort -vdC' shows ongoing activity, but no alerts are being detected/stored.
Something is off because we used to receive 10-20 alerts per day, and now we have no reporting for a week or so.
Where can the problem be hidden? Please advise.