Snort mailing list archives

RE: No Activity Occurring on ACID


From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Fri, 23 Jul 2004 15:01:49 -0400

Dropping the -A option did it. Information is appearing in ACID. Thanks for the
assist.

-----Original Message-----
From: Paul Schmehl [mailto:pauls () utdallas edu]
Sent: Friday, July 23, 2004 2:13 PM
To: Kaplan, Andrew H.
Cc: Snort User Group (E-mail)
Subject: RE: [Snort-users] No Activity Occurring on ACID


--On Friday, July 23, 2004 11:42:05 AM -0400 "Kaplan, Andrew H." 
<AHKAPLAN () PARTNERS ORG> wrote:

> I restarted Snort and checked the messages file for the appropriate
> entries. It looks like everything associated with the program started up
> successfully with the exception of stream for having a problem with an
> argument that I gave it. Could you please advise on that? I'm including
> an excerpt of the messages file for your perusal.

According to the messages file, snort is starting successfully.  I also 
looked at the snort.conf stuff you sent, and that all looked OK.  I'm not 
sure what the problem might be.

> I did log successfully into Snort using the mysql -u "user" -p so there
> should not be a problem with the snort user having access to the
> database. I verified the username and password that appear in the
> snort.conf file match those that I used from the command line.
>
> The command syntax that I used with the -T option was snort -T -A -i eth0
> -c /etc/snort/snort.conf -v. It showed all plugins loading successfully
> except for the min_ttl option for the stream4 plugin. I'll check that
> out, but I would be surprised if that alone could be the root cause of
> the problem.

No, it wouldn't be.  That's just a WARNING.  If it said FATAL, snort would 
not run.

Do not use the "-A" switch.  That overrides your conf file, so that would 
prevent snort from logging to the database and force snort to only log to 
/var/log/snort/alert (if that's the default path for you).

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
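
An added example, not part of either message: a pre-flight check for the conflict described in the reply above, flagging a Snort command line that carries `-A` while snort.conf has active `output` directives. The sample snort.conf fragment and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed snort.conf fragment; credentials are placeholders, not from the thread.
SAMPLE_CONF = """\
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
# output alert_fast: alert.fast
"""

# Command line quoted in the thread, and the same line with -A dropped.
THREAD_CMD = "snort -T -A -i eth0 -c /etc/snort/snort.conf -v"
FIXED_CMD = "snort -T -i eth0 -c /etc/snort/snort.conf -v"

# Matches active (uncommented) "output <plugin>" directives, one per line.
OUTPUT_RE = re.compile(r"^[ \t]*output[ \t]+(\w+)", re.MULTILINE)


def configured_outputs(conf_text):
    """Names of the output plugins enabled in the config text."""
    return OUTPUT_RE.findall(conf_text)


def alert_switch(cmdline):
    """Return the -A token as typed (e.g. '-A' or '-Afast'), or None.

    Simplification: clustered short flags such as '-vA' are not detected.
    """
    for token in shlex.split(cmdline)[1:]:
        if token.startswith("-A"):
            return token
    return None


def check(cmdline, conf_text):
    """Return (status, detail) for one command line / config pair."""
    outputs = configured_outputs(conf_text)
    switch = alert_switch(cmdline)
    if switch and outputs:
        # Per the reply in the thread, -A overrides the conf file's outputs.
        return ("CONFLICT", f"{switch} overrides configured outputs: {', '.join(outputs)}")
    if not outputs:
        return ("NO_OUTPUT", "no active output directive in the config")
    return ("OK", f"outputs in effect: {', '.join(outputs)}")


if __name__ == "__main__":
    for cmd in (THREAD_CMD, FIXED_CMD):
        print(cmd, "->", check(cmd, SAMPLE_CONF))
```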

