![snort logo](/images/snort-logo.png)
Snort mailing list archives
RE: No Activity Occurring on ACID
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Fri, 23 Jul 2004 15:01:49 -0400
Dropping the -A option did it. Information is appearing in ACID. Thanks for the assist. -----Original Message----- From: Paul Schmehl [mailto:pauls () utdallas edu] Sent: Friday, July 23, 2004 2:13 PM To: Kaplan, Andrew H. Cc: Snort User Group (E-mail) Subject: RE: [Snort-users] No Activity Occurring on ACID --On Friday, July 23, 2004 11:42:05 AM -0400 "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG> wrote:
I restarted Snort and checked the messages file for the appropriate entries. It looks like everything associated with the program started up successfully with the exception of stream for having a problem with an argument that I gave it. Could you please advise on that? I'm including an excerpt of the messages file for your perusal.
According to the messages file, snort is starting successfully. I also looked at the snort.conf stuff you sent, and that all looked OK. I'm not sure what the problem might be.
I did log successfully into Snort using the mysql -u "user" -p so there should not be a problem with the snort user having access to the database. I verified the username and password that appear in the snort.conf file match those that I used from the command line. The command syntax that I used with the -T option was snort -T -A -i eth0 -c /etc/snort/snort.conf -v. It showed all plugin's loading successfully except for the min_ttl option for the stream4 plugin. I'll check that out, but I would be surprised if that alone could be the root cause of the problem.
No, it wouldn't be. That's just a WARNING. If it said FATAL, snort would not run. Do not use the "-A" switch. That overrides your conf file, so that would prevent snort from logging to the database and force snort to only log to /var/log/snort/alert (if that's the default path for you). Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No Activity Occurring on ACID Kaplan, Andrew H. (Jul 22)
- Re: No Activity Occurring on ACID Paul Schmehl (Jul 22)
- <Possible follow-ups>
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 22)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)