[Snort-users] Snort 2.2.0 & ACID 0.9.6b23

Matthew K. Lee mattl at ...12405...
Fri Sep 10 14:58:25 EDT 2004


Pedro,

output database: log, mysql, user=<username> password=<password>
dbname=snort host=localhost

(With the correct values for username and password, of course.)

The interesting this is that I'm actually getting information in the
snort.event, snort.data, snort.icmphdr, snort.tcphdr, etc.  I am not
getting any records created in the acid tables, however.

I've tried dropping and recreating all the tables.  I've tried dropping
and recreating the database.  All with no luck.

Thanks,

Matthew Lee

-----Original Message-----
From: Pedro Fortuna [mailto:pedro.fortuna at ...11827...] 
Sent: Friday, September 10, 2004 1:43 PM
To: Matthew K. Lee
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort 2.2.0 & ACID 0.9.6b23

How's your "output database: " line in snort.conf ?
Pedro Fortuna


On Fri, 10 Sep 2004 10:01:28 -0500, Matthew K. Lee <mattl at ...12405...>
wrote:
> Hello all,
> 
> I'm running snort-2.2.0, mysql (with schema 106), and acid 0.9.6b23.
> I'm getting some of the alert information to show up in acid, but the
> actual alerts are not displayed.  I've checked the database, and the
> information is being logged correctly.  It seems as though the alert
> page is just not returning any rows.  I wonder if there was a change
in
> the schema version that may have broken compatibility with ACID
> 0.9.6b23?
> 
> Has anyone else encountered this?  If so, what did you do to resolve
the
> issue?
> 
> Thanks,
> 
> Matthew Lee
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> Project Admins to receive an Apple iPod Mini FREE for your judgement
on
> who ports your project to Linux PPC the best. Sponsored by IBM.
> Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?listsnort-users
>




More information about the Snort-users mailing list