[Snort-users] Acid shows sensors as 0
jbrierre at ...163...
Sat Nov 27 17:45:09 EST 2004
you can also avoid the screen dump of alerts and go directly for the count.
mysql> select COUNT(*) from event;
| COUNT(*) |
| 42991 |
1 row in set (0.00 sec)
Senthil Prabu.S wrote:
>> I run a GFI scan against snort machine from another computer and still
>> ACID shows nothing on its interface (it keeps showing Sensors 0).
>> I have only one network card installed in my Fedora machine which
>> enters in promiscuous mode (I can tell from the system logs) when
>> snort starts.
>> As I said before, MySql i running, snort connects to it, Snort is
>> running ( I followed all the instruction of this guide
>> http://www.snort.org/docs/Snort_SSL_FC2.pdf for fedora c2)
>> Everything seems ok to me except the fact that there is no data
>> showing on ACID.
>> What is going on ?
>> Please helppppppppppppppppppp.
> [a]. Are you sure snort is creating alerts and log messages?
> Once you stop snort running on foreground,u will see a drop-down menu
> listing snort activites,there you can find the count of alerts and
> logs generated
> by snort.Or checkout at log directory for latest alerts and logs
> [b]. Do u have the following line in your snort configuration file
> "output database: log, mysql, user=root password=test dbname=db
> If yes,get into ur mysql database,execute following commands,
> mysql> use snort;
> Database changed
> mysql> select * from event;
> 8348 rows in set (0.46 sec)
> you will find a list of events from snort.This confirms that Snort
> have logged datas to
> If everything works well then I bet you ACID will bring them into
> your browser.
> Senthil Prabu.S
> Logic is a systematic method of coming to the wrong conclusion with
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users