Snort mailing list archives
Re: snort woes
From: "J. C. Woods" <drjung () sprynet com>
Date: Sat, 11 Aug 2001 14:17:57 -0500
Jim Starke wrote:
Phil Wood wrote:

> Replace "log" with "alert" in the output database: conf specification
> Also, I take it when you go to the ACID web interface, that all looks
> good with the exception that all counters are zero?

I replaced "log" with "alert" and still no luck. I've double checked that my firewall isn't blocking the http port accidentally. I see the code red entries being entered in my http log. But still nothing is going into the mysql database. I ran snort with -v to verify that it is actually seeing packets. Here is a code red II connection that didn't get logged. Maybe my code red rules are incorrect? I copied and pasted them right off of incidents.org though.

I would, if I were in your situation, try setting up the snort conf file, and starting snort with the appropriate switch, to see if I could just log alerts to a syslog process. This might provide you with some insight into where data is getting lost. It could just be a means of trouble-shooting.

drjung

--
J. Craig Woods
UNIX SA
-Art is the illusion of spontaneity-