Snort mailing list archives

RE: No Activity Occurring on ACID

From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 23 Jul 2004 13:12:34 -0500

--On Friday, July 23, 2004 11:42:05 AM -0400 "Kaplan, Andrew H."<AHKAPLAN () PARTNERS ORG> wrote:

I restarted Snort and checked the messages file for the appropriate
entries. It looks like everything associated with the
program started up successfully with the exception of stream for having a
problem with an argument that I gave it. Could
you please advise on that? I'm including an excerpt of the messages file
for your perusal.

According to the messages file, snort is starting successfully. I alsolooked at the snort.conf stuff you sent, and that all looked OK. I'm notsure what the problem might be.

I did log successfully into Snort using the mysql -u "user" -p so there
should not be a problem with the snort user having
access to the database. I verified the username and password that appear
in the snort.conf file match those that I used from
the command line.

The command syntax that I used with the -T option was snort -T -A -i eth0
-c /etc/snort/snort.conf -v. It showed all plugin's
loading successfully except for the min_ttl option for the stream4
plugin. I'll check that out, but I would be surprised if
that alone could be the root cause of the problem.

No, it wouldn't be. That's just a WARNING. If it said FATAL, snort wouldnot run.

Do not use the "-A" switch. That overrides your conf file, so that wouldprevent snort from logging to the database and force snort to only log to/var/log/snort/alert (if that's the default path for you).


Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

No Activity Occurring on ACID Kaplan, Andrew H. (Jul 22)
- Re: No Activity Occurring on ACID Paul Schmehl (Jul 22)
- <Possible follow-ups>
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 22)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
  - RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
  - RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)