[Snort-users] Very Limited Alerting In ACID

Eric Kahklen eric at ...12407...
Tue Sep 28 09:17:04 EDT 2004


I am setting up my first Snort Sensor on a Debian Sarge box.

I've used the apt-get packages for snort, mysql, Apache, and ACID.

Everything appears to be working, except I get only a few alerts that show
up in the ACID display.  When I look at my /var/log/snort directory, the
alert and tcpdump files are being changed as new alerts occur.  Upon
inspection of the log files I see the alerts I am testing, but the ACID
display shows nothing.  If I run an NMAP scan against the sensor, it
lights up every time in ACID!!

Can anyone give me some hints what I may be missing??

CC me on the response since I get this list in digest form.

Thank you!!!

Eric


-- 
Eric Kahklen
Seattle, WA




