[Snort-users] SNORT,ACID,MYSQL no alerts, please help....

Kevin Johnson kjohnson at ...12400...
Mon Oct 25 03:48:01 EDT 2004


On Mon, 2004-10-25 at 00:32, zahid mohammed wrote:
> Hi,
> When snort (running as a service), ACID and mysql are run, does the
> snort log all the packets in the database or does it only log the
> packets which have triggered the alerts? I wanted to know this
> because my ACID is not showing any alerts. And when I check the
> database there is nothing logged in the database. I used third party
> tools like NMAP for port scanning, but there are no alerts. The line
> which I uncommented in snort is
> "output database: log, mysql, user=root  dbname=snortdatabase
> host=localhost". I gave no password here because the same thing is
> given in mysql.ini and to the user(root) of snortdatabase created
> using DBTOOLS. username = root, and the password line is commented.
> Please help me in figuring out the problem.
> Thank you, 
> Regards,
> ZAHID.

Hi-

First, can I recommend that you use a user other than root to write any
data to your database.  If you are not familiar with setting up users on
mysql, there are some great tutorials on the web.

I have a few questions for you to help us help you:

- Were there any error messages when you started Snort?
- Was it running when you performed the port scans?
- Are you configured to alert on portscans?

I would recommend that you read the document below to help you get
started.  
http://www.snort.org/docs/Snort_SSL_FC2.pdf

This file is specific to Fedora Core 2 but the principles are the same
on most O/S's.

Thanks
Kevin
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
The next step in IDS analysis!
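
An added example, not part of the message above or of the Snort documentation: one way to set up the non-root database account recommended in the reply, using the `snortdatabase` name from the quoted question. The account name `snort_sensor`, the placeholder password and the exact privilege set are assumptions; check the privileges against the README.database shipped with your Snort version.

```sql
-- Added example: a dedicated MySQL account for Snort's database output
-- plugin, replacing the password-less root account in the quoted config.
-- Run these statements as a MySQL administrator.
-- Assumptions: account name 'snort_sensor', placeholder password, and the
-- privilege list below (INSERT/SELECT/UPDATE on the Snort schema only).

-- 1. Create an account that can only connect from the local host.
CREATE USER 'snort_sensor'@'localhost'
    IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER';

-- 2. Grant only what the sensor needs, on the Snort database only.
--    No DROP, ALTER, GRANT OPTION, or access to other schemas.
GRANT INSERT, SELECT, UPDATE
    ON snortdatabase.*
    TO 'snort_sensor'@'localhost';

-- 3. Confirm the account holds nothing beyond the grant above.
SHOW GRANTS FOR 'snort_sensor'@'localhost';

-- 4. Matching line for snort.conf (same plugin line as in the question,
--    with the new user and a password added):
--    output database: log, mysql, user=snort_sensor password=CHANGE_ME_PLACEHOLDER dbname=snortdatabase host=localhost

-- 5. After restarting Snort, check whether it is writing at all.
--    These tables are part of the stock Snort database schema.
SELECT sid, hostname, interface FROM snortdatabase.sensor;
SELECT COUNT(*) AS logged_events FROM snortdatabase.event;
```

If the `sensor` query returns a row but `logged_events` stays at zero, Snort is connecting to the database and the questions in the reply about whether it was running and configured to alert on portscans are the next thing to check.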