[Snort-users] Acid shows sensors as 0

Senthil Prabu.S prabu333 at ...8908...
Wed Nov 24 20:50:38 EST 2004


>I run a GFI scan against snort machine from another computer and still
> ACID shows nothing on its interface (it keeps showing Sensors 0).
>
> I have only one network card installed in my Fedora machine which
> enters in promiscuous mode (I can tell from the system logs) when
> snort starts.
>
> As I said before, MySql is running, snort connects to it, Snort is
> running ( I followed all the instruction of this guide
> http://www.snort.org/docs/Snort_SSL_FC2.pdf for fedora c2)
>
> Everything seems ok to me except the fact that there is no data showing on 
> ACID.
>
> What is going on ?
>
> Please helppppppppppppppppppp.
>

Hi,
  [a]. Are you sure snort is creating alerts and log messages?
Once you stop snort running in the foreground, you will see a drop-down menu
listing snort activities; there you can find the count of alerts and logs
generated by snort. Or check the log directory for the latest alerts and logs.

  [b]. Do you have the following line in your snort configuration file?

"output database: log, mysql, user=root password=test dbname=db host=localhost"

If yes, get into your mysql database and execute the following commands:

mysql> use snort;
Database changed
mysql> select * from event;
.
.
8348 rows in set (0.46 sec)

You will find a list of events from snort. This confirms that Snort has
logged data to the database.
    If everything works well then I bet you ACID will bring them into your
browser.


--
Senthil Prabu.S

Logic is a systematic method of coming to the wrong conclusion with 
confidence.
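
Check [b] above can be scripted. The following is an added example, not part of the original post: it parses the active `output database` line from a Snort configuration and compares its `dbname` with the database being queried. The sample configuration text and the function names are constructed for illustration.

```python
import re

# Constructed sample snort.conf fragment (not taken from the thread's system).
SAMPLE_CONF = """\
# output database: alert, mysql, user=snort dbname=old host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=root password=test dbname=db host=localhost
"""

# Shape: output database: <facility>, <dbtype>, <key=value ...>
LINE_RE = re.compile(
    r"^\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")


def parse_output_database(conf_text):
    """Return one dict per active (uncommented) 'output database' line."""
    found = []
    for raw in conf_text.splitlines():
        # Drop comments; assumes no '#' inside a parameter value.
        line = raw.split("#", 1)[0]
        m = LINE_RE.match(line)
        if not m:
            continue
        facility, dbtype, rest = m.groups()
        params = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        found.append({"facility": facility, "dbtype": dbtype, "params": params})
    return found


def check(conf_text, queried_db):
    """List reasons why the database being queried might stay empty."""
    entries = parse_output_database(conf_text)
    if not entries:
        return ["no active 'output database' line: nothing is logged to a database"]
    problems = []
    for entry in entries:
        params = entry["params"]
        if "dbname" not in params:
            problems.append("output database line has no dbname parameter")
        elif params["dbname"] != queried_db:
            problems.append("Snort writes to database '%s' but '%s' is being queried"
                            % (params["dbname"], queried_db))
    return problems


if __name__ == "__main__":
    for problem in check(SAMPLE_CONF, "snort") or ["configuration looks consistent"]:
        print(problem)
```

An empty list from `check` means the configured `dbname` and the queried database agree, so an empty `event` table then points back to check [a].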