Snort mailing list archives
Re: Snort 2.0.0 logging to MySQL, but nothing in ACID???
From: Kevin Johnson <kjohnson () secureideas net>
Date: Tue, 19 Oct 2004 19:08:50 -0400
On Tue, 2004-10-19 at 16:29, Williams Jon wrote:
> I'm having a pretty bad brain fart. Some time this morning, one of our ACID consoles stopped working. We've confirmed that all of our sensors are seeing data and generating alerts, that the MySQL port is open between all of the sensors and the DB server, that MySQL is running and accepting connections on the port the sensors are connecting to, and that the sensors are writing data to the database.
>
> When I go into ACID, it shows no alerts and no sensors, but if I click on the "Application cache and status" link, the Alert Information Cache section shows the correct number of alerts under "Total Events". Clicking on "Repair Tables" and "Update Alert Cache" have no effect on the problem, nor did restarting the web server, MySQL server, and rebooting the box.
>
> Fortunately, we've got a second DB server. When we repointed the sensors to the second server, everything works fine there.
>
> While I was logged into the box around the time that the problem occurred, and there were no other users logged in at all since before the problem, I have no clear recollection of any actions that had anything to do with PHP, the web server, ACID, or MySQL.
>
> Any suggestions? Any idea how I shot myself in the foot?
>
> Thanks.
>
> Jon

Hi-

If you access the original database server directly, are the alerts still there? Is there anything in the logs?

I would set the two below variables in acid_conf.php if you can't find anything else....

    $sql_trace_mode = 0;
    $sql_trace_file = "";

Feel free to respond with any more information and I can try to help.

Kevin

-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
The next step in IDS analysis!