[Snort-users] The data can't be saved to the msyql

jiangzhw2008 jiangzhw2008 at ...14518...
Thu Feb 12 00:12:28 EST 2009


Dear all,
   I have installed the snort+acid+mysql+apache+phpAdmin on WinXP  on laptop 4 times,however,it seemes to have worked for a while,but now the data that the snort detected can't be saved to the mysql.When I run the following command:
snort -c "c:\snort\etc\snort.conf"  
it prompted"alert file log/alert.ids"doesnt exist,then i change to 
snort -c "c:\snort\etc\snort.conf" -l "c:\snort\log"
The console showed screens of information and stopped at the "using PCAP_FRAMES=65535"(Because it once showed "not using PCAP_FRAMES",so i set the PCAP_FRAMES as a environment variable ),maybe it is working now ,but when i opened the http://localhost:8080/acid ,the data displayed on the web page 
remained unchanged(ie keep the same to the data that detected 3 days ago)as well as the mysql database!I checked the infomation on the console and can't find any errors,the size of alert.ids in the c:\snort\log is 0 KB,the size of snort.log is only 1 KB ,I used the command:
snort -c "c:\snort\etc\snort.conf" -i5 -v
-i5 stands for the physical eth0(i've installed the vmware)
the infomation on console scrolled by and by.I found that the size of  alert.ids and snort.log became bigger and the data on the acid updated!Nevertheless,the detection of tcp was always 0% and i rerun the command above ,the data in mysql database kept unchanged and the alert.ids shrunk to 0 KB, though the information on the console showed on and on! 
In a word,there are  main problem:
1.when run the command:
snort -c c:\snort\etc\snort.conf –l c:\snort\log -dev
the information shown on the console stopped at the sentence at:
using PACP_FRMAES=65535
2.Even i run such command:
snort -c c:\snort\etc\snort.conf –l c:\snort\log -dev -i5
the information changed in time with detection while the mysql database unchanged and the size of aler.ids is 0 KB,snort.log.* is 1 KB.
 
Best regards!
   jiangzhw2008 at ...14518...
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090212/6fba08c3/attachment.html>


More information about the Snort-users mailing list