Re: ACID

["Scott Elgram" <SElgram () verifpoint com>]

Hello,
    I have installed Snort just like you have and received a similar result
once I got it running.  The reason for this was because I had not set any
rules for snort and thus it did not do anything.  In order to see if it was
actually running and to play around with it I simply added two rules that
would cause an alert for any type of traffic.

Alert ip any any -> any any (msg: "IP Packet Detected")
Alert icmp any any -> any any (msg: "Ping!")

The first rule will get triggered by any packet snort sees.  If there is
traffic on your network it should show ip in ACID.  The Second will show up
when you ping the interface that snort is monitoring.  I used this because I
was testing on a closed network that had no traffic.

**IMPORTANT:  You MUST remember to delete these two rules once you have
finished playing and have implemented snort on your network.  Otherwise it
will fill you hard drive with meaningless alerts.

-Scott Elgram

----- Original Message ----- 
From: "Fred McFeeters" <nfolink () hotmail com>
To:
<Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco () jalisco gob mx>;
<snort-users () lists sourceforge net>
Sent: Monday, February 23, 2004 10:12 AM
Subject: RE: [Snort-users] ACID


> Have you checked that snort is logging to the db? And that acid has
> connection to that db?
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of
> Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco () jalisco gob mx
> Sent: Monday, February 23, 2004 11:39 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] ACID
>
>
>
>
>
> Hi I installed snort ,php,acid ,mysql and apache in RH9 The installation
> was complete and Ican see the ACID page like in the manual`s example but
> the page does not have activity
> Do I have to do something else?
> Thanks
>
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users