[Snort-users] Acid shows sensors as 0

jacques brierre jbrierre at ...163...
Sat Nov 27 17:45:09 EST 2004


You can also avoid the screen dump of alerts and go directly for the count.

mysql> select COUNT(*) from event;
+----------+
| COUNT(*) |
+----------+
|    42991 |
+----------+
1 row in set (0.00 sec)

mysql>

-jb

Senthil Prabu.S wrote:

>
>> I run a GFI scan against snort machine from another computer and still
>> ACID shows nothing on its interface (it keeps showing Sensors 0).
>>
>> I have only one network card installed in my Fedora machine which
>> enters in promiscuous mode (I can tell from the system logs) when
>> snort starts.
>>
>> As I said before, MySql is running, snort connects to it, Snort is
>> running (I followed all the instructions of this guide
>> http://www.snort.org/docs/Snort_SSL_FC2.pdf for fedora c2)
>>
>> Everything seems ok to me except the fact that there is no data 
>> showing on ACID.
>>
>> What is going on ?
>>
>> Please helppppppppppppppppppp.
>>
>
> Hi,
>  [a]. Are you sure snort is creating alerts and log messages?
> Once you stop snort running in the foreground, you will see a drop-down menu
> listing snort activities; there you can find the count of alerts and
> logs generated
> by snort. Or check the log directory for the latest alerts and logs.
>
>  [b]. Do you have the following line in your snort configuration file?
>
> "output database: log, mysql, user=root password=test dbname=db 
> host=localhost".
> If yes, get into your mysql database and execute the following commands:
>
> mysql> use snort;
> Database changed
> mysql> select * from event;
> .
> .
> 8348 rows in set (0.46 sec)
>
> You will find a list of events from snort. This confirms that Snort
> has logged data to the
> database.
>    If everything works well then I bet you ACID will bring them into
> your browser.
>
>
> -- 
> Senthil Prabu.S
>
> Logic is a systematic method of coming to the wrong conclusion with 
> confidence.
>
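
A follow-up to the database checks discussed in this thread, as an added example that is not part of either message. It assumes the stock Snort MySQL schema (tables sensor and event, joined on sid) and the database name snort used in the quoted reply.

```sql
-- Added example; assumes the stock Snort MySQL schema (sensor, event)
-- and the database name "snort" from the quoted reply.
USE snort;

-- One row per registered sensor, with how many events it has logged
-- and when the newest one arrived. LEFT JOIN keeps sensors that have
-- registered but logged nothing.
SELECT s.sid,
       s.hostname,
       s.interface,
       COUNT(e.cid)     AS events,
       MAX(e.timestamp) AS newest_event
FROM sensor AS s
LEFT JOIN event AS e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface
ORDER BY s.sid;

-- Events whose sid has no matching sensor row (expected: 0).
SELECT COUNT(*) AS orphaned_events
FROM event AS e
LEFT JOIN sensor AS s ON s.sid = e.sid
WHERE s.sid IS NULL;
```

An empty result from the first query means no sensor has registered in this database; a row with events = 0 means the sensor registered but nothing has been logged for it.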



