[Snort-users] Snort is running, but doesn't fill IDS/ACID with alerts

andreis as at ...11814...
Mon May 17 12:14:11 EDT 2004


Hi, all:
We have snort installed in 2 Firewall boxes (FreeBSD 5.2); alerts are stored in the IDS box (MySQL) and retrieved through ACID. The system worked fine until ACID stopped showing new alerts. The MySQL database has no new alerts for days. MySQL is running, snort on both Firewall machines is running, and the ssh tunnels are open. The command 'snort -vdC' shows ongoing activity, but no alerts are being detected/stored.
Something is off because we used to receive 10-20 alerts per day, and now we have no reporting for a week or so.
Where can the problem be hidden? Please advise.
Thanks.
AndreiS