Snort mailing list archives

Re: no alerts logged

From: "M. Morgan" <mikemorgan () mindspring com>
Date: Thu, 15 Jan 2004 17:11:36 -0500 (GMT-05:00)

Mat,
 If both snort and the mysql database are running correctly try the following.
  
-make sure the output plugin for snort is pointing to the correct database.

-make sure that snort has the correct permissions (in MySQL) to access the "snort" database tables. 
   -there should be a database user "snort"
   - and permissions for snort/snort_archive/snortcenter in the databse to allow user "snort" to write to the tables. 

One of the above may be causing your problem depending on your snort/database type setup.



-----Original Message-----
From: Mat Harris <mat.harris () genestate com>
Sent: Jan 15, 2004 9:54 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] no alerts logged

Hi,
  I have set up snort for the second time now using the pdf redhat howto.

The first setup worked perfectly with acid and i loved it, but that machine
died and so I am trying to install the replacement.

I have followed the instruction (as far as I can see) to the letter, the same
as last time, but on the new install, there is nothing being logged.

Everything appears to be working perfectly, but nothing is sent to the mysql db
except on one test portscan with nmap it logged 2 alerts for that.

I am not very familiar with snort yet so I don't know what to provide to debug it
and the keywords are too vague for a google/archive search.

Please let me know what info to provide for debugging.

I am running Redhat 7.3 (fully updated) with snort Version 2.0.5 (Build 98).

Thanks in advance

-- 
 -----------------------------------------
+ Mat Harrison | mat.harris () genestate com +
| England, UK  | matth () 3d-computers co uk |
|--------------+--------------------------|
+        http://www.genestate.com         +
 ----------------------------------------



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

no alerts logged Mat Harris (Jan 15)
- <Possible follow-ups>
- Re: no alerts logged M. Morgan (Jan 15)
  - Re: no alerts logged Mat Harris (Jan 15)
    - portscan but no rules - Was: Re: no alerts logged Mat Harris (Jan 16)
- RE: no alerts logged Michael Chapman (Jan 15)
- RE: no alerts logged Michael Chapman (Jan 16)
- RE: no alerts logged Michael Chapman (Jan 16)