[Snort-users] Acid shows sensors as 0

Gentian Hila gentianhila at ...11827...
Tue Nov 23 11:32:01 EST 2004


Well, here is what I get:


mysql> select * from sensor;
+-----+------------+-----------+--------+--------+----------+----------+
| sid | hostname   | interface | filter | detail | encoding | last_cid |
+-----+------------+-----------+--------+--------+----------+----------+
|   1 | 10.1.51.76 | eth0      | NULL   |      1 |        0 |        0 |
|   2 | snort      | eth0      | NULL   |      1 |        0 |        0 |
+-----+------------+-----------+--------+--------+----------+----------+

and 


mysql> select count(*) from sensor;
+----------+
| count(*) |
+----------+
|        2 |
+----------+
1 row in set (0.00 sec)

Does it mean that it is connecting OK? I guess so?
Which table does Snort save the data in?

Thank you very much :)


On Tue, 23 Nov 2004 14:15:47 -0500, Kevin Johnson
<kjohnson at ...12400...> wrote:
> On Tue, 2004-11-23 at 14:07, Gentian Hila wrote:
> 
> 
> > Hi all,
> >
> >
> >
> > I have snort configured on Fedora Core 2. Everything went well and I
> > installed Acid as well. Snort runs, mysql runs. I was able to create
> > the tables and grant the permissions. Everything went just fine.
> > The problem I am having is acid is not displaying any traffic. I have
> > seen the snort logs and
> > they have traffic. Could someone please tell me why acid is not
> > displaying any traffic?
> > The acid page shows sensors as 0.
> 
> It would appear to me that Snort is not logging to the database.
> ACID/BASE will only display traffic that has made it to the database.  A
> simple test would be to run the following SQL command and see if it
> returns a count above 0....
> 
> SELECT count(*) FROM `sensor`;
> 
> This will let you know if the sensor is even connecting to the
> database.
> 
> Let me know if you need any more help.
> Kevin Johnson
> -------------------
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
> http://base.secureideas.net
> The next step in IDS analysis!
> 
> 
>
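
A follow-up to the sensor check discussed in this thread, as an added example that is not part of the original messages: it counts logged alerts per registered sensor. It assumes the stock Snort MySQL schema, in which an `event` table (columns `sid`, `cid`, `signature`, `timestamp`) sits alongside the `sensor` table shown above.

```sql
-- Added example. Assumption: stock Snort MySQL schema, where alerts are
-- rows in event(sid, cid, signature, timestamp) keyed to sensor.sid.
-- LEFT JOIN keeps sensors that have registered but logged nothing.
SELECT s.sid,
       s.hostname,
       s.interface,
       COUNT(e.cid)     AS events_logged,  -- 0 when no alert rows exist
       MAX(e.timestamp) AS latest_event    -- NULL when no alert rows exist
FROM sensor AS s
LEFT JOIN event AS e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface
ORDER BY s.sid;
```

A sensor that appears here with `events_logged` = 0 has connected to the database but written no alerts to it, so a front end that reads only from the database has nothing to show for that sensor.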



