Re: Snort w/ Base not recording hits.

[Kevin Johnson <kjohnson () secureideas net>]

Hi-

On Fri, 2005-08-19 at 16:40 -0400, George Laiacona wrote:
> I'm running Snort 2.3 with MySQL and BASE 1.0.1, 

First, I would recommend upgrading to a newer version of BASE.  We are
at 1.1.4 and this has fixed a number of bugs from 1.0.1.

> and it appears as though Snort is not picking up any alerts. 

This sounds like Snort is not running.

> Just quit out of the blue one day a couple of weeks back, and I'm at a loss as to why. I can't figure out which piece 
> stopped working.
>  I don't see Snort in the ps -A list, 

This makes the my statement above seem correct.

> but if I quit mysqld, I get a "Snort cannot connect to database" error in BASE.

BASE would not know if Snort can communicate with the DB.  I think the
error you are seeing is "Can not connect to the Snort database."  This
makes sense if mysqld is shut down.

> Some pointers as to what to look for would be appreciated, thanks.

I would restart Snort and your problem should go away.

> George A. Laiacona III
> Systems Manager
> Aiken County Government

Hope that helps,
Kevin

---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

Attachment: signature.asc
Description: This is a digitally signed message part