Snort mailing list archives
Re: Acid shows sensors as 0
From: Gentian Hila <gentianhila () gmail com>
Date: Wed, 24 Nov 2004 11:01:08 -0500
I ran a GFI scan against the Snort machine from another computer and ACID still shows nothing on its interface (it keeps showing Sensors 0). I have only one network card installed in my Fedora machine, which enters promiscuous mode (I can tell from the system logs) when Snort starts. As I said before, MySQL is running, Snort connects to it, and Snort is running (I followed all the instructions in this guide http://www.snort.org/docs/Snort_SSL_FC2.pdf for Fedora C2). Everything seems OK to me except the fact that there is no data showing on ACID. What is going on? Please helppppppppppppppppppp.

On Tue, 23 Nov 2004 16:41:27 -0500, Gentian Hila <gentianhila () gmail com> wrote:
Thank you very much sir. I will give it a try.

On Tue, 23 Nov 2004 15:20:38 -0600, Shawn Kottke <skottke () datalink com> wrote:

Use nmap or something to do a scan against the box or a short range of IPs on your network and see if snort detects anything.

-----Original Message-----
From: snort-users-admin () lists sourceforge net <snort-users-admin () lists sourceforge net>
To: Kevin Johnson <kjohnson () secureideas net>
CC: Snort Users <snort-users () lists sourceforge net>
Sent: Tue Nov 23 14:31:11 2004
Subject: Re: [Snort-users] Acid shows sensors as 0

Maybe that might be it. How can I test that is really doing something?

On Tue, 23 Nov 2004 15:28:03 -0500, Kevin Johnson <kjohnson () secureideas net> wrote:
> On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> >
> > The line that configures snort to connect in snort.conf is uncommented
> > and is like this:
> >
> > output database: log, mysql, user=snort password=******
> > dbname=snort host=localhost
> >
> > (****** is the password) and snort connects as snort user in Mysql
> > and db name in mysql is snort.
> >
> > I have an empty event table.
> >
> > mysql> select * from event;
> > Empty set (0.00 sec)
> >
> > My question is: when you setup snort and acid, is it supposed to work
> > normally or do you have to configure other stuff and rules. My guess
> > is that it should work, even though it might need to be tuned. But
> > that's another story.
>
> It should work normally. How long has Snort been running? I would have
> to guess that it hasn't seen anything that it considered something to
> alert on. Until it sees something, for example someone accessing a web
> server and trying to get cmd.exe, that your rules would fire on, it
> doesn't report anything for ACID/BASE to display.
>
> Kevin
> -------------------
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
> http://base.secureideas.net
> The next step in IDS analysis!
> > > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
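An added example, not part of the original thread and not code from Snort or ACID/BASE: a small triage check that separates "Snort never registered with the database" from "Snort is connected but no rule has fired yet", the two cases discussed above. It assumes the `sensor` and `event` table names of the Snort database schema and that the output plugin writes a `sensor` row when it connects; the SQLite schema, sample rows, and the `triage`/`make_db` names are constructed for illustration.

```python
import sqlite3

# Constructed, simplified stand-in for the Snort database schema
# (only the sensor and event columns this check reads).
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    timestamp TEXT, PRIMARY KEY (sid, cid));
"""

# One row per sensor with its event count and most recent event time.
PER_SENSOR = """
SELECT s.sid, s.hostname, s.interface, COUNT(e.cid), MAX(e.timestamp)
FROM sensor s LEFT JOIN event e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface ORDER BY s.sid
"""

def triage(conn):
    """Return (state, per_sensor_rows) for a DB-API connection."""
    cur = conn.cursor()
    cur.execute(PER_SENSOR)
    rows = cur.fetchall()
    if not rows:
        # Assumption: the output plugin registers a sensor row on connect,
        # so an empty table points at the "output database" line or credentials.
        return "no_sensor_registered", rows
    if all(r[3] == 0 for r in rows):
        # Snort reached the database but no rule has fired yet.
        return "sensor_registered_no_events", rows
    return "events_logged", rows

def make_db(sensors=(), events=()):
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sensor VALUES (?, ?, ?)", sensors)
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", events)
    return conn

if __name__ == "__main__":
    sensor = [(1, "fedora-ids", "eth0")]            # constructed sample
    alert = [(1, 1, 42, "2004-11-24 11:00:00")]     # constructed sample
    for label, db in [("empty", make_db()),
                      ("sensor only", make_db(sensor)),
                      ("sensor + event", make_db(sensor, alert))]:
        print(label, "->", triage(db)[0])
```

The `PER_SENSOR` query can be run as-is in the `mysql` client against the `snort` database to get the same per-sensor counts.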
Current thread:
- Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Kevin Johnson (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Kevin Johnson (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Kevin Johnson (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Kevin Johnson (Nov 23)
- <Possible follow-ups>
- Re: Acid shows sensors as 0 Shawn Kottke (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 24)
- Re: Acid shows sensors as 0 Senthil Prabu.S (Nov 25)
- Re: Acid shows sensors as 0 jacques brierre (Nov 28)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)