Snort mailing list archives
Re: Problems with snort and B.A.S.E
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Tue, 10 Feb 2009 21:12:49 -0600
--On February 10, 2009 7:09:30 PM -0600 Kaustubh Gadkari <kaustubh.gadkari () gmail com> wrote:
Hi, I have a process that continuously dumps pcap files into a directory. Periodically, I run snort on these files: snort -c /etc/snort/snort.conf --pcap-dir=/path/to/pcaps I have configured snort to write to a MySQL database. I have also confirmed that snort is writing to the database. Just to raise alerts, I have a rule 'alert tcp any any <> any any (sid:5;)'. I am using B.A.S.E (http://base.secureideas.net/) v1.4.1 to see the snort alerts. Here's the problem: When I run snort as described above, snort writes events to the snort database. I checked using 'select count(*) from event;', but the alerts do not show up in B.A.S.E. However, if I run snort on the interface: snort -c /etc/snort/snort.conf -i eth1 things work i.e. I see snort writing to the database, and I see alerts on B.A.S.E. Am I missing a trick here?
Does your database include the tables that BASE requires? IOW, did you run the create_base_tbls_mysql.sql script?
Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ****************************************** WARNING: Check the headers before replying
Attachment:
_bin
Description:
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 11)
- Re: Problems with snort and B.A.S.E Lee Clemens (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)