[Snort-users] Acid shows sensors as 0

Gentian Hila gentianhila at ...11827...
Wed Nov 24 08:06:48 EST 2004


I run a GFI scan against snort machine from another computer and still
ACID shows nothing on its interface (it keeps showing Sensors 0).

I have only one network card installed in my Fedora machine which
enters in promiscuous mode (I can tell from the system logs) when
snort starts.

As I said before, MySql is running, snort connects to it, Snort is
running (I followed all the instructions of this guide
http://www.snort.org/docs/Snort_SSL_FC2.pdf for fedora c2)

Everything seems ok to me except the fact that there is no data showing on ACID.

What is going on ?

Please helppppppppppppppppppp. 




On Tue, 23 Nov 2004 16:41:27 -0500, Gentian Hila <gentianhila at ...11827...> wrote:
> Thank you very much sir. I will give it a try.
> 
> 
> 
> 
> On Tue, 23 Nov 2004 15:20:38 -0600, Shawn Kottke <skottke at ...11993...> wrote:
> >
> >
> > Use nmap or something to do a scan against the box or a short range of IPs
> > on your network and see if snort detects anything.
> >
> >
> >
> >
> >
> >
> >  -----Original Message-----
> >  From: snort-users-admin at lists.sourceforge.net
> > <snort-users-admin at lists.sourceforge.net>
> >  To: Kevin Johnson <kjohnson at ...12400...>
> >  CC: Snort Users <snort-users at lists.sourceforge.net>
> >  Sent: Tue Nov 23 14:31:11 2004
> >  Subject: Re: [Snort-users] Acid shows sensors as 0
> >
> >  Maybe that might be it. How can I test that it is really doing something?
> >
> >
> >  On Tue, 23 Nov 2004 15:28:03 -0500, Kevin Johnson
> >  <kjohnson at ...12400...> wrote:
> >  > On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> >  >
> >  >
> >  > > The line that configures snort to connect in snort.conf is uncommented
> >  > > and is like this:
> >  > >
> >  > > output database: log, mysql, user=snort password=******
> >  > >  dbname=snort host=localhost
> >  > >
> >  > > (******  is the password) and snort connects as snort user in Mysql
> >  > > and db name in mysql is snort.
> >  > >
> >  > > I have an empty event table.
> >  > >
> >  > > mysql> select * from event;
> >  > > Empty set (0.00 sec)
> >  > >
> >  > > My question is: when you setup snort and acid, is it supposed to work
> >  > > normally or do you have to configure other stuff and rules. My guess
> >  > > is that it should work, even though it might need to be tuned. But
> >  > > that's another story.
> >  >
> >  > It should work normally.  How long has Snort been running?  I would have
> >  > to guess that it hasn't seen anything that it considered something to
> >  > alert on.  Until it sees something, for example someone accessing a web
> >  > server and trying to get cmd.exe,  that your rules would fire on, it
> >  > doesn't report anything for ACID/BASE to display.
> >  >
> >  >
> >  >
> >  > Kevin
> >  > -------------------
> >  > BASE Project Lead
> >  > http://sourceforge.net/projects/secureideas
> >  > http://base.secureideas.net
> >  > The next step in IDS analysis!
> >  >
> >  >
> >  >
> >
> >
>
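
A way to separate the two failure modes discussed in this thread (database output never initialised versus no rule having fired yet), as an added example that is not part of the original messages. It assumes the stock Snort MySQL schema with its `sensor`, `event` and `signature` tables and the database name `snort` used in the thread.

```sql
-- Added diagnostic example; run in the mysql client as a user that can
-- read the Snort database (named `snort` in this thread).
USE snort;

-- 1. Sensor registration.
--    Snort's database output plugin writes a row here when it starts and
--    connects. No rows means the plugin never initialised: check that Snort
--    was started with the snort.conf containing the "output database" line
--    and that the binary was built with MySQL support.
SELECT sid, hostname, interface, last_cid
FROM sensor;

-- 2. Events per sensor.
--    LEFT JOIN keeps sensors that have logged nothing, so a registered
--    sensor with events = 0 points at "no rule has matched yet" (or the
--    interface is not seeing the test traffic) rather than at the database.
SELECT s.sid,
       s.hostname,
       s.interface,
       COUNT(e.cid)     AS events,
       MAX(e.timestamp) AS newest_event
FROM sensor AS s
LEFT JOIN event AS e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface;

-- 3. Most recent alerts with their rule names, to confirm that a test
--    scan produced the rows you expect.
SELECT e.sid, e.cid, e.timestamp, sg.sig_name
FROM event AS e
JOIN signature AS sg ON sg.sig_id = e.signature
ORDER BY e.timestamp DESC
LIMIT 10;
```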