Snort mailing list archives

RE: question regarding snort, acid, mysql, and redhat 7.3


From: "Potts, Ross A." <RPOTTS () NORTHROPGRUMMAN COM>
Date: Mon, 28 Oct 2002 06:22:11 -0800

This is a clumsy workaround that works at the server.

Open your browser, and type
file://what/ever/your/acid/report/path/is/index.html

-----Original Message-----
From: Bob Dixon [mailto:bob.dixon () attbi com]
Sent: Saturday, October 26, 2002 8:56 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] question regarding snort, acid, mysql, and redhat
7.3


Hello all,

I'm trying to get snort working with mysql and acid. I think that I am
following the directions to set this up, but apparently I am missing
something (probably really simple). Snort works fine from a command
line. Also, apache is up. But when I go to what should be my ACID page
(http://10.0.0.2/acid/index.html), all I get is:

Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.

I get the same result going to http://10.0.0.2/acidviewer/index.html.
Any idea what might be wrong? I am trying to follow Steven Scott's
guide, but I am obviously missing something here.

Also, I have 2 NICs. Eth0 is 10.0.0.2 and eth1 is unnumbered. Snort seems
to try and run on eth0, but I think it should be running on eth1. Is
this correct? I am using the snortd script suggested by Steven in his
pdf, and I have configured "INTERFACE=eth1 " in the script. However,
/var/log/messages shows that snort is putting eth0 into promiscuous mode
each time I run "snortd start". Does this sound correct?

I have been trying to go over the details of this for several days to
see if I have missed something simple, but I can't find out what I am
doing wrong. If anyone here has any ideas, I would really appreciate it.

Thanks for your time,
-Bob

BTW- Here are the versions of software that I am running.

acid-0.9.6b22.tar.gz
adodb231.tgz
create_mysql
gd-2.0.4.tar.gz
MySQL-3.23.53a-1.i386.rpm
MySQL-client-3.23.53a-1.i386.rpm
MySQL-devel-3.23.53a-1.i386.rpm
MySQL-shared-3.23.53a-1.i386.rpm
Net_SSLeay.pm-1.20.tar.gz
perl-Net_SSLeay.pm-1.05-3.i386.rpm
php-4.1.2-7.3.4.i386.rpm
phplot-4.4.6.tar.gz
php-mysql-4.1.2-7.3.4.i386.rpm
snort-1.9.0.tar.gz
snortd
snortrules-stable.tar.gz
webmin-1.020-1.noarch.rpm




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

