Snort mailing list archives

RE: Sensors and alerts stop showing up in ACID

From: "Bristol, Gary L." <gbristol () ou edu>
Date: Tue, 15 Feb 2005 16:22:44 -0600

Not using Barnyard for the output.
The Sensor_id entry is in the Sensor Table of the Snort DB.
This is information from two different sensors to a central DB that
worked previously to upgrading to 2.3.0, although that might not be the
problem, since I had been using it for about a week.
It seemed to stop working after an signature upgrade, last week. 

-----Original Message-----
From: Chris Vaughan [mailto:chrisv () parkavebank com] 
Sent: Tuesday, February 15, 2005 4:15 PM
To: Bristol, Gary L.; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Sensors and alerts stop showing up in ACID

Are you sure that in your barnyard.conf you are logging with two
different sensor_ids?

 -----Original Message-----
From:   snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]  On Behalf Of Bristol,
Gary L.
Sent:   Tuesday, February 15, 2005 4:35 PM
To:     snort-users () lists sourceforge net
Subject:        [Snort-users] Sensors and alerts stop showing up in ACID

I recently updated my sensors to snort 2.3.0.
The problem I'm seeing on two different databases is that one of the
sensors alerts and information shows up just fine but the other one,
even though it's listed in the sensor table doesn't show as being there
in the ACID page of sensors and no alerts from this sensor is showing
up.

On one database I completely removed the Snort db and recreated it from
scratch, same problem, one sensor and it's alerts show up, the other
doesn't.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Sensors and alerts stop showing up in ACID Bristol, Gary L. (Feb 15)
- <Possible follow-ups>
- RE: Sensors and alerts stop showing up in ACID Chris Vaughan (Feb 15)
- RE: Sensors and alerts stop showing up in ACID Bristol, Gary L. (Feb 15)