Snort mailing list archives

Acid 0.9.6bx Portscan problem


From: <bthaler () webstream net>
Date: Thu, 26 Jul 2001 09:46:36 -0400

I'm using Acid-0.9.6b12, Snort-1.7, and MySQL running on WinNT.

I can't seem to get the portscan feature in Acid to work, and I'm a little
confused. From the "Snort on Windows" doc at www.snort.org, I'm supposed to
do this:
"** Remove the # before the "output database: log, mysql, user=snort
dbname=snort host=localhost" to activate MySQL. "
to get Snort to log to the MySQL DB.  OK.  I did that, and Snort does indeed
log to the MySQL DB.

From the Acid FAQ, to get the portscan/spade alerts to work, I need to set
this:
"output database: alert, mysql, user=snort, dbname=snort_log host=localhost
password=foo"
in my snort.conf file.  This is where I'm confused.  When I run Snort from
the command-line to test the new configuration, I get this error:

Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = SNORT
database:     sensor id = 1
database: using the "log" facility
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database:          host = localhost
database: must enter database name in configuration file

The database name is specified in the snort.conf file.  Am I supposed to
have only 1 output plugin enabled?

Anyone have any ideas?  Roman, I'm sure you know the answer to this one, and
everyone please excuse my ignorance if you've covered this before.


Thanks,
Brad T.



