[Snort-users] Acid shows sensors as 0
skottke at ...11993...
Tue Nov 23 13:22:05 EST 2004
Use nmap or something to do a scan against the box or a short range of IPs on your network and see if snort detects anything.
From: snort-users-admin at lists.sourceforge.net <snort-users-admin at ...4626...ceforge.net>
To: Kevin Johnson <kjohnson at ...12400...>
CC: Snort Users <snort-users at lists.sourceforge.net>
Sent: Tue Nov 23 14:31:11 2004
Subject: Re: [Snort-users] Acid shows sensors as 0
Maybe that might be it. How can I test that is really doing something ?
On Tue, 23 Nov 2004 15:28:03 -0500, Kevin Johnson
<kjohnson at ...12400...> wrote:
> On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> > The line that configures snort to connect in snort.conf is uncommented
> > and is like this:
> > output database: log, mysql, user=snort password=******
> > dbname=snort host=localhost
> > (****** is the password) and snort connects as snort user in Mysql
> > and db name in mysql is snort.
> > I have an empty event table.
> > mysql> select * from event;
> > Empty set (0.00 sec)
> > My question is: when you setup snort and acid, is it supposed to work
> > normally or do you have to configure other stuff and rules. My guess
> > is that it should work, even though it might need to be tuned. But
> > that's another story.
> It should work normally. How long has Snort been running? I would have
> to guess that it hasn't seen anything that it considered something to
> alert on. Until it sees something, for example someone accessing a web
> server and trying to get cmd.exe, that your rules would fire on, it
> doesn't report anything for ACID/BASE to display.
> BASE Project Lead
> The next step in IDS analysis!
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users