Re: Snort, php, MySQL and acid showing no activity

[Erek Adams <erek () theadamsfamily net>]

On Fri, 23 Aug 2002, Joshua Rogers wrote:

[...snip...]

> > *  Verify that snort is working.  'snort -vade' should show traffic on your
> network.
> It works and shows traffic on the network. I copied some output above.

Good.  One less thing to worry about.  :)

> > *  Check your snort.conf.  Check HOME_NET and EXTERNAL_NET, to be sure
> > they are set for the correct ranges.
> I have the HOME_NET set for each class c;
> var HOME_NET
> [63.229.251.0/24,65.101.195.0/24,65.103.101.0/24,65.125.152.0/23]
> but my EXTERNAL_NET is set like this:
> var EXTERNAL_NET $HOME_NET
> Should external net say 'any'?

Well...  It depends.  I tend to define EXTERNAL_NET as "!$HOME_NET" since
that's what I'm interested in.

If you want to see possible attacks 'coming and going' then change it to
"any".

> > *  If the MySQL host and snort host are different, make sure you can
> > connect from one to the other.
> The MySQL host and snort are on the same machine.

Ok.  Should work fine.

Time for a 'silly' question:  You are using the db output plugin?  Does snort
give you any errors when you start it?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users