Snort mailing list archives

RE: No alerts on ACID


From: "support" <support () sitel-india com>
Date: Tue, 19 Oct 2004 02:41:49 +0530

Hi,

Today I got the following error message when starting the ACID console for
the first time after restarting:

Warning: mysql_pconnect(): Can't connect to local MySQL server through
socket '/tmp/mysql.sock' (2) in
/www/htdocs/adodb/drivers/adodb-mysql.inc.php on line 335


Error (p)connecting to DB : snort@localhost

Check the DB connection variables in acid_conf.php 

               = $alert_dbname   : MySQL database name where the alerts
are stored 
               = $alert_host     : host where the database is stored
               = $alert_port     : port where the database is stored
               = $alert_user     : username into the database
               = $alert_password : password for the username
              
Database ERROR:Can't connect to local MySQL server through socket
'/tmp/mysql.sock' (2)

Also, when checking for mysql with ps -ef | grep mysql, I could not find mysql
running, so I restarted mysqld and found an error message:
( " No mysqld pid file found. Looked for
/usr/local/mysql/var/localhost.localdomain.pid  " )

And after this my ACID console started, but with no alerts.

What could be the problem?


_____________________________________________________________________________________________________________________________
SITEL INDIA LTD.
4 A, Park Davis Complex(main)
Sakinaka,
Andheri-Kurla Road,
Mumbai 4000072,
India.
Tel      : 91-22-2820131,28522657
FAX     : 91-22-28561659
IPLC    :402-536-4179
e-mail: support () sitel-india com
 

-----Original Message-----
From: Patrick S. Harper [mailto:patrick () internetsecurityguru com] 
Sent: Monday, October 18, 2004 4:18 PM
To: 'prabu'; 'support'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] No alerts on ACID

Also, if you are using RH9 you need to know that no more patches are being
released by RH; it is EOL. The Fedora Legacy project is doing patch
management for RH9 for as long as there is community interest and
involvement.

Check out http://www.fedoralegacy.org/download/ and
http://www.fedoralegacy.org/docs/ for directions on using yum and apt with
RH9 to keep it up to date.


Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of prabu
Sent: Sunday, October 17, 2004 11:23 PM
To: support; snort-users () lists sourceforge net
Subject: Re: [Snort-users] No alerts on ACID

Is Snort able to capture packets on your network?

If so, is Snort logging alerts to your database?
        Before running ACID, you can check whether your Snort database is
getting all the logging details from the sensor by executing the following
SQL query:

        # echo "SELECT count(*) FROM event" | mysql snort_db -u root -p
        Executing the above query on my system has produced the value:

           count(*)
           4406
        #

        Here, my MySQL database (named snort_db) contained 4406 alerts. If
no alerts are found in the database (i.e. a 0 is returned). This will help
you to check whether Snort is logging alerts into your database or not. You
must check this before running ACID.

If you still find a problem, write to me; I will send a simple and easier
configuration file to set up Snort-MySQL-ACID.

Cheers,
Prabu.S
 
        ----- Original Message ----- 
        From: support <mailto:support () sitel-india com>  
        To: snort-users () lists sourceforge net 
        Sent: Sunday, October 17, 2004 9:15 PM
        Subject: [Snort-users] No alerts on ACID

        Hi all,

        I have done the complete installation of Snort on Red Hat 9, MySQL
and PHP. The ACID console is opening properly, but there are no alerts being
generated. Also, I have the following line in my snort.conf file:
        output database: log, mysql, user=snort password=password
dbname=snort host=localhost

        Is there something which is missing? ...need your help.

        Regards,
        Raj
         
         
        
        _____________________________________________________________________________________________________________________________
        SITEL INDIA LTD.
        4 A, Park Davis Complex(main)
        Sakinaka,
        Andheri-Kurla Road,
        Mumbai 4000072,
        India. 
        Tel      : 91-22-2820131,28522657
        FAX     : 91-22-28561659
        IPLC    :402-536-4179  
        e-mail: support () sitel-india com
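Prabu's count query and the socket error in the first message of the thread are the same diagnosis done by hand. The script below is an added example, not code from the thread or from the Snort or ACID projects: it walks the chain in the order it fails (socket file, mysqld process, pid file, event count) and stops at the first cause. The socket path /tmp/mysql.sock, the pid-file directory /usr/local/mysql/var and the database name snort are the values quoted in the thread and are assumptions for your system; the MYSQL_CMD override exists so the query function can be exercised with a stub instead of a live server.

```shell
#!/bin/sh
# Added example (not code from this thread): pre-flight check for the
# Snort -> MySQL -> ACID chain. Paths and database name are the ones quoted
# in the thread and are assumptions; override them through the environment.

MYSQL_SOCK="${MYSQL_SOCK:-/tmp/mysql.sock}"
MYSQL_PIDDIR="${MYSQL_PIDDIR:-/usr/local/mysql/var}"
# Client used to reach the database. Override it (e.g. with a stub that
# prints a number) to exercise the script without a live server.
MYSQL_CMD="${MYSQL_CMD:-mysql -u snort -p}"

# Pull the socket path out of ACID's "Can't connect to local MySQL server
# through socket '...' (2)" message, so the check looks at the same path
# the PHP client actually tried.
socket_from_error() {
    printf '%s\n' "$1" | sed -n "s/.*through socket '\([^']*\)'.*/\1/p"
}

# The (2) in that message is errno ENOENT: the socket file does not exist.
# That means nothing is listening there, not that ACID's credentials are wrong.
socket_present() {
    [ -S "$1" ]
}

# Same check the original poster did by hand; the [m] trick keeps grep from
# matching its own command line.
mysqld_running() {
    ps -ef 2>/dev/null | grep '[m]ysqld' >/dev/null
}

# mysqld writes <hostname>.pid into its data directory
# (localhost.localdomain.pid in the thread).
pidfile_present() {
    ls "$MYSQL_PIDDIR"/*.pid >/dev/null 2>&1
}

# Prabu's test: number of rows in the event table, i.e. alerts Snort has
# written to the database. -N drops the column header so only the count prints.
event_count() {
    printf 'SELECT count(*) FROM event\n' | $MYSQL_CMD -N "$1"
}

# True when the second count is larger than the first, i.e. Snort is still
# logging while traffic flows (run event_count, wait, run it again).
alerts_grew() {
    [ "$2" -gt "$1" ]
}

# Walk the failure chain in the order it happens and stop at the first cause.
# Exit status: 0 alerts present, 1 database empty, 2 no server, 3 query failed.
diagnose() {
    db="${1:-snort}"
    if ! socket_present "$MYSQL_SOCK"; then
        echo "no socket at $MYSQL_SOCK: mysqld is not listening there"
        if mysqld_running; then
            echo "  a mysqld process exists; compare its socket= in my.cnf with acid_conf.php"
        elif pidfile_present; then
            echo "  no process but a pid file is left in $MYSQL_PIDDIR; remove it and start mysqld"
        else
            echo "  mysqld is down; start it (e.g. mysqld_safe &) and rerun"
        fi
        return 2
    fi
    n=$(event_count "$db") || {
        echo "query failed: check user, password and GRANTs in acid_conf.php"
        return 3
    }
    echo "rows in $db.event: $n"
    if [ "$n" -eq 0 ]; then
        echo "  nothing logged yet: check the 'output database:' line in snort.conf and"
        echo "  that Snort runs on the interface carrying the traffic"
        return 1
    fi
    return 0
}

# Usage: ./acid_check.sh snort
# Running it without an argument only defines the functions.
if [ "$#" -gt 0 ]; then
    diagnose "$1"
fi
```

Run it as the same Unix user ACID's web server uses, so that a socket the PHP process cannot reach (permissions, or a different socket= in my.cnf) shows up here rather than only in the browser.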
