[Snort-users] Acid shows sensors as 0
prabu333 at ...8908...
Wed Nov 24 20:50:38 EST 2004
>I run a GFI scan against snort machine from another computer and still
> ACID shows nothing on its interface (it keeps showing Sensors 0).
> I have only one network card installed in my Fedora machine which
> enters in promiscuous mode (I can tell from the system logs) when
> snort starts.
> As I said before, MySql i running, snort connects to it, Snort is
> running ( I followed all the instruction of this guide
> http://www.snort.org/docs/Snort_SSL_FC2.pdf for fedora c2)
> Everything seems ok to me except the fact that there is no data showing on
> What is going on ?
> Please helppppppppppppppppppp.
[a]. Are you sure snort is creating alerts and log messages?
Once you stop snort running on foreground,u will see a drop-down menu
listing snort activites,there you can find the count of alerts and logs
by snort.Or checkout at log directory for latest alerts and logs
[b]. Do u have the following line in your snort configuration file
"output database: log, mysql, user=root password=test dbname=db
If yes,get into ur mysql database,execute following commands,
mysql> use snort;
mysql> select * from event;
8348 rows in set (0.46 sec)
you will find a list of events from snort.This confirms that Snort have
logged datas to
If everything works well then I bet you ACID will bring them into your
Logic is a systematic method of coming to the wrong conclusion with
More information about the Snort-users