[Snort-users] SNORT,ACID,MYSQL no alerts, please help....
kjohnson at ...12400...
Mon Oct 25 03:48:01 EDT 2004
On Mon, 2004-10-25 at 00:32, zahid mohammed wrote:
> When snort (running as a service), ACID and mysql are run, does the
> snort log all the packets in the database or does it only log the
> packets which have triggered the alerts???? I wanted to know this
> because my ACID is not showing any alerts. And when I check the
> database there is nothing logged in the database. I used third party
> tools like NMAP for port scanning, but there are no alerts. The line
> which I uncommented in snort is
> "output database: log, mysql, user=root dbname=snortdatabase
> host=localhost". I gave no password here because the same thing is
> given in mysql.ini and to the user(root) of snortdatabase created
> using DBTOOLS. username = root, and the password line is commented.
> Please help me in figuring out the problem.
> Thank you,
First, can I recommend that you use a user other than root to write any
data to your database. If you are not familiar with setting up users on
mysql, there are some great tutorials on the web.
I have a few questions for you to help us help you:
- Were there any error messages when you started Snort?
- Was it running when you performed the port scans?
- Are you configured to alert on portscans?
I would recommend that you read the document below to help you get
This file is specific to Fedora Core 2 but the principles are the same
on most O/S's.
BASE Project Lead
The next step in IDS analysis!
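An added example, not part of the original thread: a small checker for the `output database` line quoted in the question, flagging the root account and the missing password that the reply raises, and the case where the directive is still commented out. The function names, the `snort` account name and the `CHANGE_ME` password are assumptions made for illustration.

```python
import re

# Matches: output database: <facility>, <dbtype>, key=value key=value ...
DIRECTIVE = re.compile(
    r"^\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_output_database(conf_text):
    """Return one dict per active (uncommented) 'output database' line."""
    found = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = DIRECTIVE.match(line)
        if not m:
            continue
        facility, dbtype, rest = m.groups()
        params = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        found.append({"facility": facility, "dbtype": dbtype,
                      "params": params})
    return found

def audit(conf_text):
    """Return a list of findings for the database output configuration."""
    directives = parse_output_database(conf_text)
    if not directives:
        return ["no active 'output database' directive (still commented out?)"]
    findings = []
    for d in directives:
        p = d["params"]
        if p.get("user", "") == "root":
            findings.append("database user is root; use a dedicated account")
        if not p.get("password"):
            findings.append("no password set for the database user")
    return findings

# The directive as quoted in the question (joined onto one line).
POSTER_CONF = ("output database: log, mysql, user=root "
               "dbname=snortdatabase host=localhost\n")
# Constructed corrected form: dedicated account and placeholder password.
FIXED_CONF = ("output database: log, mysql, user=snort password=CHANGE_ME "
              "dbname=snortdatabase host=localhost\n")
# Constructed case: the line was never uncommented.
COMMENTED_CONF = "# " + POSTER_CONF

if __name__ == "__main__":
    for name, conf in [("poster", POSTER_CONF), ("fixed", FIXED_CONF),
                       ("commented", COMMENTED_CONF)]:
        print(name, audit(conf) or "ok")
```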