[Snort-users] Acid shows sensors as 0

Shawn Kottke skottke at ...11993...
Tue Nov 23 13:22:05 EST 2004


Use nmap or something to do a scan against the box or a short range of IPs on your network and see if snort detects anything. 




-----Original Message-----
From: snort-users-admin at lists.sourceforge.net <snort-users-admin at ...4626...ceforge.net>
To: Kevin Johnson <kjohnson at ...12400...>
CC: Snort Users <snort-users at lists.sourceforge.net>
Sent: Tue Nov 23 14:31:11 2004
Subject: Re: [Snort-users] Acid shows sensors as 0

Maybe that might be it. How can I test that it is really doing something?


On Tue, 23 Nov 2004 15:28:03 -0500, Kevin Johnson
<kjohnson at ...12400...> wrote:
> On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> 
> 
> > The line that configures snort to connect in snort.conf is uncommented
> > and is like this:
> >
> > output database: log, mysql, user=snort password=******
> >  dbname=snort host=localhost
> >
> > (******  is the password) and snort connects as snort user in Mysql
> > and db name in mysql is snort.
> >
> > I have an empty event table.
> >
> > mysql> select * from event;
> > Empty set (0.00 sec)
> >
> > My question is: when you set up snort and acid, is it supposed to work
> > normally or do you have to configure other stuff and rules. My guess
> > is that it should work, even though it might need to be tuned. But
> > that's another story.
> 
> It should work normally.  How long has Snort been running?  I would have
> to guess that it hasn't seen anything that it considered something to
> alert on.  Until it sees something, for example someone accessing a web
> server and trying to get cmd.exe,  that your rules would fire on, it
> doesn't report anything for ACID/BASE to display.
> 
> 
> 
> Kevin
> -------------------
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
> http://base.secureideas.net
> The next step in IDS analysis!
> 
> 
>

