[Snort-users] The data can't be saved to the msyql

Joel Esler eslerj at ...11827...
Thu Feb 12 00:23:12 EST 2009


I am not familiar with Snort on Windows, however, what is your output
method?  Have you tried running Snort in daemon mode?  (-D)

J

2009/2/12 jiangzhw2008 <jiangzhw2008 at ...14518...>
>
> Dear all,
>    I have installed the snort+acid+mysql+apache+phpAdmin on WinXP  on laptop 4 times,however,it seemes to have worked for a while,but now the data that the snort detected can't be saved to the mysql.When I run the following command:
> snort -c "c:\snort\etc\snort.conf"
> it prompted"alert file log/alert.ids"doesnt exist,then i change to
> snort -c "c:\snort\etc\snort.conf" -l "c:\snort\log"
> The console showed screens of information and stopped at the "using PCAP_FRAMES=65535"(Because it once showed "not using PCAP_FRAMES",so i set the PCAP_FRAMES as a environment variable ),maybe it is working now ,but when i opened the http://localhost:8080/acid ,the data displayed on the web page
> remained unchanged(ie keep the same to the data that detected 3 days ago)as well as the mysql database!I checked the infomation on the console and can't find any errors,the size of alert.ids in the c:\snort\log is 0 KB,the size of snort.log is only 1 KB ,I used the command:
> snort -c "c:\snort\etc\snort.conf" -i5 -v
> -i5 stands for the physical eth0(i've installed the vmware)
> the infomation on console scrolled by and by.I found that the size of  alert.ids and snort.log became bigger and the data on the acid updated!Nevertheless,the detection of tcp was always 0% and i rerun the command above ,the data in mysql database kept unchanged and the alert.ids shrunk to 0 KB, though the information on the console showed on and on!
> In a word,there are  main problem:
> 1.when run the command:
> snort -c c:\snort\etc\snort.conf –l c:\snort\log -dev
> the information shown on the console stopped at the sentence at:
> using PACP_FRMAES=65535
> 2.Even i run such command:
> snort -c c:\snort\etc\snort.conf –l c:\snort\log -dev -i5
> the information changed in time with detection while the mysql database unchanged and the size of aler.ids is 0 KB,snort.log.* is 1 KB.
>
> Best regards!
>    jiangzhw2008 at ...14518...
>
>
> ------------------------------------------------------------------------------
> Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
> software. With Adobe AIR, Ajax developers can use existing skills and code to
> build responsive, highly engaging applications that combine the power of local
> resources and data with the reach of the web. Download the Adobe AIR SDK and
> Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Joel Esler
http://www.joelesler.net




More information about the Snort-users mailing list