RE: Snort alerts

[Tom Morgan <RTMorgan () azzincorporated com>]

I had a similar problem, are you using alert or logs on the mysql database
line.  If logs try alert.

Tom

-----Original Message-----
From: Mark Weaver [mailto:mark () npsl co uk]
Sent: Friday, November 15, 2002 11:03 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort alerts


Check the logs... you'll probably find that you are doing something like
snort -b or -A fast which overrides the output configuration.  If this is
the case, also check your syslog and you will see:

snort: WARNING: command line overrides rules file alert plugin!

Regards,

Mark

> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Thierry
> Sent: 15 November 2002 14:48
> To: 'snort-users () lists sourceforge net'
> Subject: Re: [Snort-users] Snort alerts
>
>
> Hi,
> Me i don not have exactly the same pb than philippe, i mean, that
> snort is
> writing correctly on /var/log/snort, but is not writing on my database
> mysql...
> The user is correct, the password is correct, i can connect by
> hand, but i
> don 't understand why snort 1.9 don't want to do it...??
> Thx
>
> thierry
>
> 15/11/2002 14:34:10, "Philippe Dhont   (Sea-ro)"
> <Philippe.Dhont () searo be> a
> écrit:
>
> > Hi,
> >
> > I installed snort with apache, mysql, php and acid on a linux system.
> > It reads data from an internal NT server.
> > And now for testing i scan all the ports on that NT server with another
> > windows pc but i get no alerts in my acid.
> > Why not ?
> >
> > greetz
> >
> > Philippe Dhont
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by: To learn the basics of securing
> > your web site with SSL, click here to get a FREE TRIAL of a Thawte
> > Server Certificate: http://www.gothawte.com/rd524.html
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> --
> Thierry Stephan
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: To learn the basics of securing
> your web site with SSL, click here to get a FREE TRIAL of a Thawte
> Server Certificate: http://www.gothawte.com/rd524.html
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users



-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users