[Snort-users] Snort w/ Base not recording hits.

Kevin Johnson kjohnson at ...12400...
Fri Aug 19 14:46:21 EDT 2005


On Fri, 2005-08-19 at 16:40 -0400, George Laiacona wrote:
> I'm running Snort 2.3 with MySQL and BASE 1.0.1, 

First, I would recommend upgrading to a newer version of BASE.  We are
at 1.1.4 and this has fixed a number of bugs from 1.0.1.

> and it appears as though Snort is not picking up any alerts. 

This sounds like Snort is not running.

> Just quit out of the blue one day a couple of weeks back, and I'm at a loss as to why. I can't figure out which piece stopped working.
>  I don't see Snort in the ps -A list, 

This makes the my statement above seem correct.

> but if I quit mysqld, I get a "Snort cannot connect to database" error in BASE.

BASE would not know if Snort can communicate with the DB.  I think the
error you are seeing is "Can not connect to the Snort database."  This
makes sense if mysqld is shut down.

> Some pointers as to what to look for would be appreciated, thanks.

I would restart Snort and your problem should go away.

> George A. Laiacona III
> Systems Manager
> Aiken County Government

Hope that helps,

BASE Project Lead
The next step in IDS analysis!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050819/155512da/attachment.sig>

More information about the Snort-users mailing list