[Snort-users] Acid shows sensors as 0

Kevin Johnson kjohnson at ...12400...
Tue Nov 23 12:29:00 EST 2004


On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> The line that configures snort to connect in snort.conf is uncommented
> and is like this:
> 
> output database: log, mysql, user=snort password=******
>  dbname=snort host=localhost
> 
> (******  is the password) and snort connects as snort user in Mysql
> and db name in mysql is snort.
> 
> I have an empty event table.
> 
> mysql> select * from event;
> Empty set (0.00 sec)
> 
> My question is: when you set up snort and acid, is it supposed to work
> normally or do you have to configure other stuff and rules? My guess
> is that it should work, even though it might need to be tuned. But
> that's another story.

It should work normally.  How long has Snort been running?  I would have
to guess that it hasn't seen anything that it considered something to
alert on.  Until it sees something that your rules would fire on, for
example someone accessing a web server and trying to get cmd.exe, it
doesn't report anything for ACID/BASE to display.

Kevin
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!
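
Added example, not part of the original message: a pair of MySQL queries that tell "Snort is connected but no rule has fired yet" apart from "Snort never reached the database". The table and column names assume the stock Snort MySQL schema (`sensor`, `event`, `signature`), and the reading of an empty `sensor` table is an assumption noted in the comments.

```sql
-- Run inside the `snort` database named in the quoted snort.conf line.
-- Assumption: the database was created from the stock Snort MySQL schema.

-- 1. One row per registered sensor, with how many events it has logged.
--    A row with events_logged = 0 matches the situation in the reply:
--    Snort is connected, but nothing has triggered a rule yet.
--    No rows at all suggests Snort never connected (assumption: the
--    database output plugin registers its sensor row when it connects),
--    so recheck the "output database" line and Snort's startup messages.
SELECT s.sid,
       s.hostname,
       s.interface,
       s.last_cid,
       COUNT(e.cid)     AS events_logged,
       MAX(e.timestamp) AS most_recent_event
FROM sensor AS s
LEFT JOIN event AS e
       ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface, s.last_cid;

-- 2. Once events exist, list the ten most recent with their rule names,
--    to confirm that what ACID/BASE displays comes from this database.
SELECT e.timestamp,
       e.sid,
       e.cid,
       sig.sig_name
FROM event AS e
JOIN signature AS sig
  ON sig.sig_id = e.signature
ORDER BY e.timestamp DESC
LIMIT 10;
```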

