Snort mailing list archives
Re: SNORT,ACID,MYSQL no alerts, please help....
From: Steven Crandell <steven.crandell () gmail com>
Date: Mon, 25 Oct 2004 16:00:14 -0700
Make sure to manually confirm that snort is actually running. The contributed startup script will fail silently so that you see:

Starting Intrusion Database System: SNORT SNORT is up and running!

but if you have a syntax error in snort.conf or something like that, it'll just die smiling.

You can avoid the startup script problem by starting it entirely on the command line, but I prefer to comment out the OPTION="-D" in the init script, start it up and see what happens.

regards,
steve

On Mon, 25 Oct 2004 06:47:06 -0400, Kevin Johnson <kjohnson () secureideas net> wrote:
> On Mon, 2004-10-25 at 00:32, zahid mohammed wrote:
>> Hi,
>>
>> When snort (running as a service), ACID and mysql are run, does the snort log all the packets in the database or does it only log the packets which have triggered the alerts???? I wanted to know this because my ACID is not showing any alerts. And when I check the database there is nothing logged in the database. I used third party tools like NMAP for port scanning, but there are no alerts.
>>
>> The line which I uncommented in snort is "output database: log, mysql, user=root dbname=snortdatabase host=localhost". I gave no password here because the same thing is given in mysql.ini and to the user(root) of snortdatabase created using DBTOOLS. username = root, and the password line is commented.
>>
>> Please help me in figuring out the problem.
>>
>> Thank you,
>> Regards,
>> ZAHID.
>
> Hi-
>
> First, can I recommend that you use a user other than root to write any data to your database. If you are not familiar with setting up users on mysql, there are some great tutorials on the web.
>
> I have a few questions for you to help us help you:
> - Were there any error messages when you started Snort?
> - Was it running when you performed the port scans?
> - Are you configured to alert on portscans?
>
> I would recommend that you read the document below to help you get started.
> http://www.snort.org/docs/Snort_SSL_FC2.pdf
> This file is specific to Fedora Core 2 but the principles are the same on most O/S's.
>
> Thanks
> Kevin
> -------------------
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
> The next step in IDS analysis!
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
> Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates!
> Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Steven Crandell
steven.crandell () gmail com
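
The two configuration points raised in the quoted message above (the database output line must be active, and the sensor should not write as root) can be checked with a short script. This is an added example, not code from the thread or from the Snort project; the function name, the `snort_sensor` account and the `CHANGE_ME` password are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the active "output database"
# lines of a snort.conf. Prints one finding per line.
# Returns 0 = clean, 1 = findings, 2 = no active database output line.
audit_db_output() {
    conf=$1
    # Commented-out lines do not match, so a still-commented plugin is caught.
    lines=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf") || {
        echo "no active 'output database' line: nothing is written to the database"
        return 2
    }
    findings=0
    while IFS= read -r line; do
        # Break the line into key=value tokens (separated by spaces or commas).
        tokens=$(printf '%s\n' "$line" | tr ' ,' '\n\n')
        user=$(printf '%s\n' "$tokens" | sed -n 's/^user=//p')
        pass=$(printf '%s\n' "$tokens" | sed -n 's/^password=//p')
        if [ "$user" = "root" ]; then
            echo "user=root: give the sensor its own low-privilege account"
            findings=$((findings + 1))
        fi
        if [ -z "$pass" ]; then
            echo "no password= set for user '$user'"
            findings=$((findings + 1))
        fi
    done <<EOF
$lines
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample input: the line quoted in the thread, then a hardened one
# with a hypothetical account name and a placeholder password.
demo_dir=$(mktemp -d)
cat > "$demo_dir/thread.conf" <<'EOF'
# output database: alert, mysql, user=snort dbname=snort
output database: log, mysql, user=root dbname=snortdatabase host=localhost
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
output database: log, mysql, user=snort_sensor password=CHANGE_ME dbname=snortdatabase host=localhost
EOF
audit_db_output "$demo_dir/thread.conf" || true
audit_db_output "$demo_dir/hardened.conf" || true
```

Running `snort -T -c` against the same file tests the configuration and exits, which surfaces the syntax errors that the init script hides.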
Current thread:
- SNORT,ACID,MYSQL no alerts, please help.... zahid mohammed (Oct 24)
- Re: SNORT,ACID,MYSQL no alerts, please help.... Kevin Johnson (Oct 25)
- Re: SNORT,ACID,MYSQL no alerts, please help.... Steven Crandell (Oct 25)
- Re: SNORT,ACID,MYSQL no alerts, please help.... Kevin Johnson (Oct 25)