Snort mailing list archives

RE: Cannot get Acid to report any activity


From: Guy Bruneau <seeker () whitehats ca>
Date: Thu, 26 Aug 2004 20:03:21 -0400

Glenn,

I am sorry I did not get back to you earlier, but I am presently
unsubscribed from the Snort mailing list. I saw your message, and I
think you forgot to uncomment the command that sends the data to ACID.

Edit the following file:

/usr/local/snort/etc/snort.external.conf
/usr/local/snort/etc/snort.internal.conf

Find the following line in the conf file:

output database: alert, mysql, .... (the setup is on page 15 of the
install.pdf guide) and remove the # sign at the beginning of the line.

Save the file and then to test that everything works and it is
connecting to the database, do the following:

cd /usr/local/snort
./check_snort_eth1 and ./check_snort_eth0

This will confirm that Snort is connecting to MySQL correctly. Then,
restart Snort:

/etc/rc.d/rc.snort stop
/etc/rc.d/rc.snort start

I would suggest you review pages 14 and 15 of the install.pdf file to
ensure all of the steps have been followed.

Guy

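As an added illustration of the check Guy describes (not part of the original thread or of the Shadow/Snort ISO scripts), this POSIX shell snippet reports whether a snort.conf still has its `output database:` line commented out. The two conf files and their contents are constructed samples; the path, user and password values are placeholders.

```shell
#!/bin/sh
# Added example: detect a commented-out "output database:" line, the
# cause of ACID showing no alerts in the thread above. The conf files
# written below are constructed samples, not files from the ISO.

# Print the active (uncommented) "output database" lines of a conf file.
# Returns 0 if at least one was found, 1 otherwise.
active_db_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1"
}

# Classify one conf file:
#   0 = an active output database line exists
#   1 = the line exists but is commented out (remove the leading #)
#   2 = no output database line at all
check_db_output() {
    conf="$1"
    if active_db_outputs "$conf" >/dev/null; then
        echo "OK: $conf sends alerts to the database"
        return 0
    fi
    if grep -qE '^[[:space:]]*#[[:space:]]*output[[:space:]]+database:' "$conf"; then
        echo "PROBLEM: $conf has only a commented-out output database line"
        return 1
    fi
    echo "PROBLEM: $conf has no output database line"
    return 2
}

# Constructed sample configs so the script runs stand-alone.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/snort.internal.conf" <<'EOF'
# output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
output alert_fast: alert
EOF
cat > "$SAMPLE_DIR/snort.external.conf" <<'EOF'
output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
EOF

# Once both files pass, confirm rows are arriving (not run here):
#   mysql -u snort -p snort -e 'SELECT COUNT(*) FROM event;'
for f in "$SAMPLE_DIR"/snort.*.conf; do
    check_db_output "$f" || true
done
```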
---------------------

I am feeling a bit dumb lately. I cannot see any activity through ACID.

I have configured Snort using Guy Bruneau's Shadow/Snort ISO. All seems
to be well, the sensor is saving alerts in the log files located at
/usr/local/snort/log/*. I can read them via less.

I would like to check to see if the logs are making it to mysql. How can
I query the database to verify that the logs are moving to mysql?

If I find the logs are getting to mysql, how do I check my connection
between acid and mysql?

Any ideas would be helpful.

I normally do NT admin, so I only have a poor man's knowledge of Linux.
So, what I am saying is... Don't be too vague with your answers... :-)

~-~-Glenn-~-~


