Snort mailing list archives
Snort is running, but doesn't fill IDS/ACID with alerts
From: "andreis" <as () kashrus com>
Date: Mon, 17 May 2004 15:20:36 -0400

Hi, all:

We have snort installed in 2 Firewall boxes (FreeBSD 5.2), alerts are stored in IDS box (MySQL) and retrieved through ACID. The system worked fine until ACID stopped showing new alerts. MySQL database has no new alerts for days. MySQL is running, snort on both Firewall machines is running, ssh tunnels are open. Command 'snort -vdC' shows ongoing activity, but no alerts are being detected/stored.

Something is off because we used to receive 10-20 alerts per day, and now we have no reporting for a week or so. Where can the problem be hidden? Please advise.

Thanks.
AndreiS