[Snort-users] SNORT,ACID,MYSQL no alerts, please help....

Steven Crandell steven.crandell at ...11827...
Mon Oct 25 16:01:02 EDT 2004


Make sure to manually confirm that snort is actually running.  The
contributed startup script will fail silently so that you see:

Starting Intrusion Database System: SNORT
SNORT is up and running!

but if you have a syntax error in snort.conf or something like that,
it'll just die smiling.  You can avoid the startup script problem by
starting it entirely on the command line, but I prefer to comment out
the OPTION="-D" in the init script, start it up and see what happens.

regards,
steve




On Mon, 25 Oct 2004 06:47:06 -0400, Kevin Johnson
<kjohnson at ...12400...> wrote:
> On Mon, 2004-10-25 at 00:32, zahid mohammed wrote:
> > Hi,
> > When snort (running as a service), ACID and mysql are run, does the
> > snort log all the packets in the database or does it only log the
> > packets which have triggered the alerts????   I wanted to know this
> > because my ACID is not showing any alerts. And when I check the
> > database there is nothing logged in the database. I used third party
> > tools like NMAP for port scanning, but there are no alerts. The line
> > which I uncommented in snort is
> > "output database: log, mysql, user=root  dbname=snortdatabase
> > host=localhost". I gave no password here because the same thing is
> > given in mysql.ini and to the user(root) of snortdatabase created
> > using DBTOOLS. username = root, and the password line is commented.
> > Please help me in figuring out the problem.
> > Thank you,
> > Regards,
> > ZAHID.
> 
> Hi-
> 
> First, can I recommend that you use a user other than root to write any
> data to your database.  If you are not familiar with setting up users on
> mysql, there are some great tutorials on the web.
> 
> I have a few questions for you to help us help you:
> 
> - Were there any error messages when you started Snort?
> - Was it running when you performed the port scans?
> - Are you configured to alert on portscans?
> 
> I would recommend that you read the document below to help you get
> started.
> http://www.snort.org/docs/Snort_SSL_FC2.pdf
> 
> This file is specific to Fedora Core 2 but the principles are the same
> on most O/S's.
> 
> Thanks
> Kevin
> -------------------
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
> The next step in IDS analysis!
> 
> 
> 
> 


-- 
Steven Crandell
steven.crandell at ...11827...
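
The manual check Steven describes, as an added example that is not part of the original thread: parse snort.conf in Snort's self-test mode (-T), then confirm that a live process stands behind the PID file instead of trusting the init script's banner. The config path, the PID file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed paths:
#   /etc/snort/snort.conf  and  /var/run/snort_eth0.pid

# Return 0 only if PIDFILE names a process that is alive right now.
pid_alive() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: not running
    esac
    # kill -0 sends no signal, it only tests that the PID exists; the /proc
    # fallback covers a non-root caller checking a root-owned process.
    kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]
}

# Parse the configuration in self-test mode. A syntax error in snort.conf
# gives a non-zero exit status and the error text on the terminal, which
# is exactly what the init script hides.
conf_ok() {
    snort -T -c "$1"
}

# Returns 0 = running, 1 = no live process, 2 = configuration rejected.
check_snort() {
    conf=$1
    pidfile=$2
    if ! conf_ok "$conf"; then
        echo "snort.conf failed the -T self-test: $conf" >&2
        return 2
    fi
    if ! pid_alive "$pidfile"; then
        echo "no live snort process behind $pidfile" >&2
        return 1
    fi
    echo "snort is running (pid $(head -n 1 "$pidfile"))"
}

# Run the check when called with two arguments: <snort.conf> <pidfile>
if [ "$#" -eq 2 ]; then
    check_snort "$1" "$2"
fi
```

Run it as root right after the init script reports success; exit status 2 means the configuration itself is the problem.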



