[Snort-users] Acid shows sensors as 0

Kevin Johnson kjohnson at ...12400...
Tue Nov 23 12:29:00 EST 2004

On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> The line that configures snort to connect in snort.conf is uncommented
> and is like this:
> output database: log, mysql, user=snort password=******
>  dbname=snort host=localhost
> (******  is the password) and snort connects as snort user in Mysql
> and db name in mysql is snort.
> I have an empty event table.
> mysql> select * from event;
> Empty set (0.00 sec)
> My question is: when you setup snort and acid, is it supposed to work
> normally or do you have to configure other stuff and rules. My guess
> is that it should work, even though it might need to be tuned. But
> that's another story.

It should work normally.  How long has Snort been running?  I would have
to guess that it hasn't seen anything that it considered something to
alert on.  Until it sees something, for example someone accessing a web
server and trying to get cmd.exe,  that your rules would fire on, it
doesn't report anything for ACID/BASE to display.

BASE Project Lead
The next step in IDS analysis!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20041123/5f3d22ad/attachment.sig>

More information about the Snort-users mailing list