Snort mailing list archives

Re: snort woes


From: "J. C. Woods" <drjung () sprynet com>
Date: Sat, 11 Aug 2001 14:17:57 -0500

Jim Starke wrote:

Phil Wood wrote:

 > Replace "log" with "alert" in the output database: conf specification

 > Also, I take it when you go to the ACID web interface, that all looks
 > good with the exception that all counters are zero?

I replaced "log" with "alert" and still no luck. I've double checked
that my firewall isn't blocking the http port accidentally. I see the code
red entries being entered in my http log. But still nothing is going
into the mysql database. I ran snort with -v to verify that it is
actually seeing packets.

Here is a code red II connection that didn't get logged. Maybe my code
red rules are incorrect? I copied and pasted them right off of
incidents.org though.
 
I would, if I were in your situation, try setting up the snort conf
file, and starting snort with the appropriate switch, to see if I could
just log alerts to a syslog process. This might provide you with some
insight at where data is getting lost. It could just be a means of
trouble-shooting.

drjung

-- 
J. Craig Woods
UNIX SA

-Art is the illusion of spontaneity-

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
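A snort.conf output fragment, added here as an illustration and not taken from the thread, showing the two settings discussed above: the database plugin attached to the alert facility instead of the log facility, and the syslog plugin used to check whether alerts are leaving the detection engine at all. The database name, user and host are assumed placeholders.

```conf
# snort.conf output section (added example; dbname, user and host are assumed)

# Before: the database plugin is attached to the "log" facility.
# output database: log, mysql, user=snort dbname=snort host=localhost

# After: attach it to the "alert" facility, as suggested in the thread.
output database: alert, mysql, user=snort dbname=snort host=localhost

# Troubleshooting: also send alerts to syslog, so a missing row in MySQL
# can be told apart from a rule that never fired in the first place.
output alert_syslog: LOG_AUTH LOG_ALERT
```

Starting snort with the -s switch sends alerts to syslog without editing the conf file, which gives the same check from the command line.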