[Snort-users] No alerts on ACID

Patrick S. Harper patrick at ...4250...
Mon Oct 18 03:38:02 EDT 2004


Also, if you are using RH9 you need to know that no more patches are being
released by RH, it is EOL.  The fedora legacy project is doing patch
management for RH9 for as long as there is community interest and
involvement.

Check out http://www.fedoralegacy.org/download/ and
http://www.fedoralegacy.org/docs/ for directions on using yum and apt with
RH9 to keep it up to date.


Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of prabu
Sent: Sunday, October 17, 2004 11:23 PM
To: support; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] No alerts on ACID

Is snort able to capture packets on ur network?.
 
If so,is Snort is logging alerts to ur database?
        Before,running ACID,you can check whether your Snort Database is
getting all the logging details from the 
        senor by executing the following SQL query;
 
        # echo "SELECT count(*) FROM event" | mysql snort_db -u root  -p
         Executing above query on my system,has produced the value,       
           count(*)
           4406
        #

        Here,my MySQL database (named as snort_db) contained 4406 alerts.If
no alerts are found in the database (i.e. a 0 is returned).
This will help U,to check whether Snort is logging alerts into your Database
or not.You must check this before running ACID.
 
If you still find problem,right to me,I will send a simple and easier
configuration file to setup Snort-MySQL-ACID Setup.
 
Cheers,
Prabu.S
 
	----- Original Message ----- 
	From: support <mailto:support at ...12306...>  
	To: snort-users at lists.sourceforge.net 
	Sent: Sunday, October 17, 2004 9:15 PM
	Subject: [Snort-users] No alerts on ACID

	Hi all,
	 
	I have done the complete installation of snort on Redhat 9 , mysql ,
php . The acid console is opening properly but there are no alerts
generating. Also I have the following line in my snort.conf file
	output database: log, mysql, user=snort password=password
dbname=snort host=localhost
	 
	Is there which is missing ...need ur help
	 
	Regards,
	Raj
	 
	 
	
____________________________________________________________________________
_________________________________________________
	SITEL INDIA LTD.
	4 A, Park Davis Complex(main)
	Sakinaka,
	Andheri-Kurla Road,
	Mumbai 4000072,
	India. 
	Tel      : 91-22-2820131,28522657
	FAX     : 91-22-28561659
	IPLC    :402-536-4179  
	*e-mail: support at ...12306... <mailto:support at ...12306...> 
	 
	 
	
	---
	Outgoing mail is certified Virus Free.
	Checked by AVG anti-virus system (http://www.grisoft.com).
	Version: 6.0.776 / Virus Database: 523 - Release Date: 10/12/2004





More information about the Snort-users mailing list