[Snort-users] Sensors and alerts stop showing up in ACID

Bristol, Gary L. gbristol at ...10387...
Tue Feb 15 14:23:51 EST 2005


Not using Barnyard for the output.
The Sensor_id entry is in the Sensor Table of the Snort DB.
This is information from two different sensors to a central DB that
worked previously to upgrading to 2.3.0, although that might not be the
problem, since I had been using it for about a week.
It seemed to stop working after an signature upgrade, last week. 

-----Original Message-----
From: Chris Vaughan [mailto:chrisv at ...12963...] 
Sent: Tuesday, February 15, 2005 4:15 PM
To: Bristol, Gary L.; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Sensors and alerts stop showing up in ACID

Are you sure that in your barnyard.conf you are logging with two
different sensor_ids?

 -----Original Message-----
From: 	snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]  On Behalf Of Bristol,
Gary L.
Sent:	Tuesday, February 15, 2005 4:35 PM
To:	snort-users at lists.sourceforge.net
Subject:	[Snort-users] Sensors and alerts stop showing up in ACID

I recently updated my sensors to snort 2.3.0.
The problem I'm seeing on two different databases is that one of the
sensors alerts and information shows up just fine but the other one,
even though it's listed in the sensor table doesn't show as being there
in the ACID page of sensors and no alerts from this sensor is showing
up.

On one database I completely removed the Snort db and recreated it from
scratch, same problem, one sensor and it's alerts show up, the other
doesn't.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users







More information about the Snort-users mailing list