Snort mailing list archives
RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0
From: "Michael Steele" <michaels () winsnort com>
Date: Sat, 14 Jun 2003 07:50:51 -0700
From a terminal window type your complete run line and tag the -T switch to the end and make sure Snort is reading the configuration, reading the rules, and connecting to the database. If that is happening then do a tcpdump on the sniffing interface and make sure there is real traffic that will trigger the rules.

You do have your HOME_NET set properly?

Cheers...
-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Allyn Baskerville
Sent: Saturday, June 14, 2003 7:07 AM
To: Michael Steele; snort-users () lists sourceforge net
Subject: RE: [Snort-users] New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0

Yes, I'm seeing the traffic using this command.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Saturday, June 14, 2003 1:20 AM
To: allynb () adsne com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0

Is snort even seeing any traffic 'snort -i<interface> -v'

Cheers...
-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Allyn Baskerville
Sent: Friday, June 13, 2003 10:13 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0

I finally got the Snort Enterprise Implementation (by Steven Scott) completed. I have some slightly different files than the manual as only newer ones were available for downloading. Additionally, all components of the IDS are installed on a single machine with 3 NICs. Two do not have an IP address bound to the adapters, and the 3rd is the one with the private IP.

I can't find a single error in any of the logs, all web pages open and function as expected, and the sensors, SnortCenter, ACID, and MySQL are running. I verified that I had port mirroring set up on the switches, but just in case I put the external sensor on a hub. I've selected all parameters possible on the sensors, and I've also performed scans. I simply cannot get an alert to show up on ACID, and when I look at the database the count equals 0.

For grins, I also enabled Snort on the NIC with an IP address and scanned it. It also didn't turn up any alerts.

Thanks for any assistance.

Allyn

-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
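
Added example, not part of the original thread: a static pre-check of a Snort 2.x-style snort.conf for the three things the reply asks about (HOME_NET set, database output active, rules loaded), to run before the live -T and tcpdump checks. The config path, interface name and sample config contents are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Static sanity check of snort.conf; the live checks from the thread need
# root and a sensor (path and interface below are assumed names):
#   snort -c /etc/snort/snort.conf -i eth1 -T   # config, rules, DB connect
#   tcpdump -n -i eth1 -c 20                    # is traffic reaching the NIC?

# check_snort_conf FILE -> prints findings, returns the number of problems.
check_snort_conf() {
    local conf=$1 problems=0 home_net rules
    # Last active "var HOME_NET ..." line wins; commented lines are ignored.
    home_net=$(awk '$1 == "var" && $2 == "HOME_NET" { v = $3 } END { print v }' "$conf")
    if [ -z "$home_net" ]; then
        echo "PROBLEM: HOME_NET is not set"; problems=$((problems + 1))
    else
        echo "ok: HOME_NET = $home_net"
    fi
    # Alerts reach ACID only through an active database output plugin.
    if grep -Eq '^[[:space:]]*output[[:space:]]+database:' "$conf"; then
        echo "ok: output database plugin configured"
    else
        echo "PROBLEM: no active 'output database:' line"; problems=$((problems + 1))
    fi
    # With no rule files included, nothing can fire.
    rules=$(grep -Ec '^[[:space:]]*include[[:space:]]+.*\.rules' "$conf" || true)
    if [ "$rules" -eq 0 ]; then
        echo "PROBLEM: no rule files included"; problems=$((problems + 1))
    else
        echo "ok: $rules rule file(s) included"
    fi
    return "$problems"
}

# Constructed sample config (not from the thread): DB output left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
var HOME_NET 192.168.1.0/24
var RULE_PATH /etc/snort/rules
# output database: log, mysql, user=snort dbname=snort host=localhost
include $RULE_PATH/scan.rules
include $RULE_PATH/icmp.rules
EOF
check_snort_conf "$sample" || echo "problems found: $?"
```

A clean result here only shows the file is plausible; whether Snort actually parses it and reaches MySQL is what the -T run confirms.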
Current thread:
- New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 13)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Michael Steele (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Michael Steele (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Michael Steele (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Michael Steele (Jun 14)