Snort mailing list archives
RE: Snort, php, MySQL and acid showing no activity
From: "Rafeeq Ur Rehman" <rafeeq.rehman () dedicatedtech com>
Date: Fri, 23 Aug 2002 16:01:24 -0400
I recommend a very useful (but not-so-good) rule to test Snort installation. It is as follows:

    alert icmp any any -> any any (msg: "ICMP Packet found";)

Add this rule at the end of snort.conf file and then ping the Snort machine. If no alert is logged, there is some problem with Snort installation. If you see these alerts, BE PATIENT to see more (real) alerts.

Rafeeq

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Joshua Rogers
Sent: Friday, August 23, 2002 2:50 PM
To: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no activity

Ok, I ran 'nmap -v -sS -O <server ip>' on the snort machine and on another server. Both tests did not show up in the acid console and nothing in the MySQL db. There is also nothing showing up in the portscan log file. I am guessing I missed something in the setup.

Thanks,
Joshua Rogers
Webmaster
InterPlanetary Web Services
303-940-2597
IBO# 60092

----- Original Message -----
From: "Demetri Mouratis" <dmourati () cm math uiuc edu>
To: "Randy Bey" <Randy.Bey () rivernorthsys com>
Cc: <Snort-users () lists sourceforge net>
Sent: Friday, August 23, 2002 11:33 AM
Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no activity

Nmap is easier and faster in that it doesn't require client/server setup:

http://www.insecure.org

HTH

On Fri, 23 Aug 2002, Randy Bey wrote:

Oh yes, you need to do something to trigger a rule. I usually just run a quick Nessus(tm) scan; that does it for me. If there are faster, easier ways to trip a rule, please someone let me know.

Randy Bey
RiverNorth Systems
7300 W 147th St Suite 300
Apple Valley, MN 55124
http://www.rivernorthsys.com

-----Original Message-----
From: Joshua Rogers [mailto:josh () ipws com]
Sent: Friday, August 23, 2002 10:24 AM
To: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no activity

I just tried:

    /usr/local/bin/snort -c /etc/snort/snort.conf -D

from the command line. It created an additional sensor, but still no activity in the db. Do I need to create any alerts? It seems that I can not create a useful alert until I have a traffic pattern to base it on. Am I correct in this assumption?

Thanks,
Joshua Rogers
Webmaster
InterPlanetary Web Services
303-940-2597
IBO# 60092

----- Original Message -----
From: "Randy Bey" <Randy.Bey () rivernorthsys com>
To: "Joshua Rogers" <josh () ipws com>; <Snort-users () lists sourceforge net>
Sent: Friday, August 23, 2002 9:31 AM
Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no activity

Have you made sure you aren't using any -A switches on your snort command line? It should be as simple as:

    /usr/local/bin/snort -c /etc/snort/snort.conf -D

Randy Bey
RiverNorth Systems
7300 W 147th St Suite 300
Apple Valley, MN 55124
http://www.rivernorthsys.com

-----Original Message-----
From: Joshua Rogers [mailto:josh () ipws com]
Sent: Thursday, August 22, 2002 4:28 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Snort, php, MySQL and acid showing no activity

Hi,

I do not know what information will be helpful in showing me how to track down a problem on my system, but here goes.

I am running:
Red Hat Linux 7.3 with the latest updates
PHP 4.2.1, register globals=on
Apache 1.3.26
MySQL 3.23.39
GD 1.6.2
The latest acid
BCMath

I followed the great doc on setting up snort-rh7-mysql, from the snort website. I had to make a few changes since I am running 7.3 and did not have all of the drive space shown in the doc. Somewhere along the line I think I missed something. Snort and MySQL seem to be running, the acid interface comes up fine with no errors but there is no data that shows up in the database or in the acid interface.

What information would you need to help point me in the right direction to get snort recording data?

Thanks,
Joshua Rogers
Webmaster
InterPlanetary Web Services
303-940-2597
IBO# 60092

-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---------------------------------------------------------------------
Demetri Mouratis
dmourati () linfactory com
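The checks suggested in this thread (an active database output, Rafeeq's ICMP test rule, and no -A switch on the command line), collected into a shell script as an added example that is not part of the original messages. The `output database:` directive is Snort's database output plugin line and does not appear in the thread; the sample snort.conf contents, credentials and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); the config contents are constructed.

# Active (non-blank, non-comment) lines of a Snort config file.
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# check_snort_setup CONF "CMDLINE": print findings, return the problem count.
check_snort_setup() {
    conf=$1 cmdline=$2 problems=0
    # 1. ACID reads from MySQL, so Snort needs an active database output line.
    if ! active_lines "$conf" | grep -Eq '^[[:space:]]*output[[:space:]]+database:'; then
        echo "problem: no active 'output database:' line in $conf"
        problems=$((problems + 1))
    fi
    # 2. The catch-all ICMP test rule from the thread should be present.
    if ! active_lines "$conf" | grep -Eq '^[[:space:]]*alert[[:space:]]+icmp[[:space:]]+any[[:space:]]+any[[:space:]]+->[[:space:]]+any[[:space:]]+any'; then
        echo "problem: ICMP test rule not found in $conf"
        problems=$((problems + 1))
    fi
    # 3. Randy Bey's reply asks to make sure no -A switch is on the command line.
    if printf '%s\n' "$cmdline" | grep -Eq '(^|[[:space:]])-A'; then
        echo "problem: -A switch on the command line"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "ok: config and command line look sane"
    return "$problems"
}

# Write a constructed snort.conf whose database output is still commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
# output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
alert icmp any any -> any any (msg: "ICMP Packet found";)
EOF
}

# Demo: a broken setup, then the same config with the output line uncommented.
tmp=$(mktemp -d)
write_sample_conf "$tmp/broken.conf"
sed 's/^# *\(output database:\)/\1/' "$tmp/broken.conf" > "$tmp/fixed.conf"
check_snort_setup "$tmp/broken.conf" "/usr/local/bin/snort -c /etc/snort/snort.conf -A fast -D" || true
check_snort_setup "$tmp/fixed.conf" "/usr/local/bin/snort -c /etc/snort/snort.conf -D" || true
rm -rf "$tmp"
```

Once the script reports no problems, pinging the sensor as Rafeeq describes should produce "ICMP Packet found" alerts in the database.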
Current thread:
- RE: Snort, php, MySQL and acid showing no activity Randy Bey (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- <Possible follow-ups>
- RE: Snort, php, MySQL and acid showing no activity Randy Bey (Aug 23)
- RE: Snort, php, MySQL and acid showing no activity Demetri Mouratis (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Demetri Mouratis (Aug 23)
- RE: Snort, php, MySQL and acid showing no activity Rafeeq Ur Rehman (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Erek Adams (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Jim Burwell (Aug 23)
- RE: Snort, php, MySQL and acid showing no activity Demetri Mouratis (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Phil Wood (Aug 23)
- RE: Snort, php, MySQL and acid showing no activity McClure Gammon (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Erek Adams (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)