[Snort-users] Acid shows sensors as 0
kjohnson at ...12400...
Tue Nov 23 12:29:00 EST 2004
On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> The line that configures snort to connect in snort.conf is uncommented
> and is like this:
> output database: log, mysql, user=snort password=******
> dbname=snort host=localhost
> (****** is the password) and snort connects as snort user in MySQL
> and db name in MySQL is snort.
> I have an empty event table.
> mysql> select * from event;
> Empty set (0.00 sec)
> My question is: when you set up snort and acid, is it supposed to work
> normally or do you have to configure other stuff and rules? My guess
> is that it should work, even though it might need to be tuned. But
> that's another story.
It should work normally. How long has Snort been running? I would have
to guess that it hasn't seen anything that it considered something to
alert on. Until it sees something, for example someone accessing a web
server and trying to get cmd.exe, that your rules would fire on, it
doesn't report anything for ACID/BASE to display.
BASE Project Lead
The next step in IDS analysis!