Snort mailing list archives

RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0


From: "Allyn Baskerville" <allynb () adsne com>
Date: Sat, 14 Jun 2003 09:27:26 -0500

I just noticed something. Under SnortCenter, I have 2 sensors currently that
are showing up green and the PID is given. However, under ACID one of the
windows shows the following:

Sensors: 0
Unique Alerts: 0    (   0 categories   )
Total Number of Alerts: 0
Source IP addresses: 0
Dest. IP addresses: 0
Unique IP links 0

Source Ports: 0
TCP ( 0)  UDP ( 0)
Dest. Ports: 0
TCP ( 0)  UDP ( 0)

Note there aren't any sensors given on the top line. Thanks again.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Michael
Steele
Sent: Saturday, June 14, 2003 1:20 AM
To: allynb () adsne com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] New Installation - Problem with No Alerts
with Snort, MySQL, SnortCenter and ACID on Redhat 9.0


Is snort even seeing any traffic ('snort -i<interface> -v')?

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician
 mailto:michaels () winsnort com
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Allyn
Baskerville
Sent: Friday, June 13, 2003 10:13 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] New Installation - Problem with No Alerts with Snort,
MySQL, SnortCenter and ACID on Redhat 9.0

I finally got the Snort Enterprise Implementation (by Steven Scott)
completed. I have some slightly different files than the manual as only
newer ones were available for downloading. Additionally, all components of
the IDS are installed on a single machine with 3 NICs. Two do not have an IP
address bound to the adapters, and the 3rd is the one with the private IP. I
can't find a single error in any of the logs, all web pages open and
function as expected, and the sensors, SnortCenter, ACID, and MySQL are
running. I verified that I had port mirroring set up on the switches, but
just in case I put the external sensor on a hub. I've selected all
parameters possible on the sensors, and I've also performed scans. I simply
cannot get an alert to show up on ACID, and when I look at the database the
count equals 0. For grins, I also enabled Snort on the NIC with an IP
address and scanned it. It also didn't turn up any alerts.

Thanks for any assistance. Allyn



-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




