[Snort-users] Acid shows sensors as 0

Gentian Hila gentianhila at ...11827...
Tue Nov 23 13:42:05 EST 2004


Thank you very much sir. I will give it a try.




On Tue, 23 Nov 2004 15:20:38 -0600, Shawn Kottke <skottke at ...11993...> wrote:
>  
> 
> Use nmap or something to do a scan against the box or a short range of IPs
> on your network and see if snort detects anything.
> 
> 
>  
>  
>  
>  
>  -----Original Message-----
>  From: snort-users-admin at lists.sourceforge.net
> <snort-users-admin at lists.sourceforge.net>
>  To: Kevin Johnson <kjohnson at ...12400...>
>  CC: Snort Users <snort-users at lists.sourceforge.net>
>  Sent: Tue Nov 23 14:31:11 2004
>  Subject: Re: [Snort-users] Acid shows sensors as 0
>  
>  Maybe that might be it. How can I test that is really doing something ?
>  
>  
>  On Tue, 23 Nov 2004 15:28:03 -0500, Kevin Johnson
>  <kjohnson at ...12400...> wrote:
>  > On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
>  >
>  >
>  > > The line that configures snort to connect in snort.conf is uncommented
>  > > and is like this:
>  > >
>  > > output database: log, mysql, user=snort password=******
>  > >  dbname=snort host=localhost
>  > >
>  > > (******  is the password) and snort connects as snort user in Mysql
>  > > and db name in mysql is snort.
>  > >
>  > > I have an empty event table.
>  > >
>  > > mysql> select * from event;
>  > > Empty set (0.00 sec)
>  > >
>  > > My question is: when you setup snort and acid, is it supposed to work
>  > > normally or do you have to configure other stuff and rules. My guess
>  > > is that it should work, even though it might need to be tuned. But
>  > > that's another story.
>  >
>  > It should work normally.  How long has Snort been running?  I would have
>  > to guess that it hasn't seen anything that it considered something to
>  > alert on.  Until it sees something, for example someone accessing a web
>  > server and trying to get cmd.exe,  that your rules would fire on, it
>  > doesn't report anything for ACID/BASE to display.
>  >
>  >
>  >
>  > Kevin
>  > -------------------
>  > BASE Project Lead
>  > http://sourceforge.net/projects/secureideas
>  > http://base.secureideas.net
>  > The next step in IDS analysis!
>  >
>  >
>  >
>  
>  
>  -------------------------------------------------------
>  SF email is sponsored by - The IT Product Guide
>  Read honest & candid reviews on hundreds of IT Products from real users.
>  Discover which products truly live up to the hype. Start reading now.
>  http://productguide.itmanagersjournal.com/
>  _______________________________________________
>  Snort-users mailing list
>  Snort-users at lists.sourceforge.net
>  Go to this URL to change user options or unsubscribe:
>  https://lists.sourceforge.net/lists/listinfo/snort-users
>  Snort-users list archive:
>  http://www.geocrawler.com/redir-sf.php3?list=snort-users
>  
> 
>




More information about the Snort-users mailing list