Snort mailing list archives
RE: question regarding snort, acid, mysql, and redh at 7.3
From: "Potts, Ross A." <RPOTTS () NORTHROPGRUMMAN COM>
Date: Mon, 28 Oct 2002 06:22:11 -0800
This is a clumsy workaround that works at the server. Open your browser, and type file://what/ever/your/acid/report/path/is/index.html -----Original Message----- From: Bob Dixon [mailto:bob.dixon () attbi com] Sent: Saturday, October 26, 2002 8:56 PM To: snort-users () lists sourceforge net Subject: [Snort-users] question regarding snort, acid, mysql, and redhat 7.3 Hello all, I'm trying to get snort working with mysql and acid. I think that I am following the directions to set this up, but apparently I am missing something (probably really simple). Snort works fine from a command line. Also, apache is up. But when I go to what should be my ACID page (http://10.0.0.2/acid/index.html), all I get is: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. I get the same result going to http://10.0.0.2/acidviewer/index.html). Any idea what might be wrong? I am trying to follow Steven Scott's guide, but I am obviously missing something here. Also, have 2 NIC's. Eth0 is 10.0.0.2 and eth1 is unnumbered. Snort seems to try and run on eth0, but I think it should be running on eth1. Is this correct? I am using the snortd script suggested by Steven in his pdf, and I have configured "INTERFACE=eth1 " in the script. However, /var/log/messages shows that snort is putting eth0 into promiscuous mode each time I run "snortd start". Does this sound correct? I have been trying to go over the details of this for several days to see if I have missed something simple, but I can't find out what I am doing wrong. If anyone here has any ideas, I would really appreciate it. Thanks for your time, -Bob BTW- Here are the versions of software that I am running. acid-0.9.6b22.tar.gz adodb231.tgz create_mysql gd-2.0.4.tar.gz MySQL-3.23.53a-1.i386.rpm MySQL-client-3.23.53a-1.i386.rpm MySQL-devel-3.23.53a-1.i386.rpm MySQL-shared-3.23.53a-1.i386.rpm Net_SSLeay.pm-1.20.tar.gz perl-Net_SSLeay.pm-1.05-3.i386.rpm php-4.1.2-7.3.4.i386.rpm phplot-4.4.6.tar.gz php-mysql-4.1.2-7.3.4.i386.rpm snort-1.9.0.tar.gz snortd snortrules-stable.tar.gz webmin-1.020-1.noarch.rpm ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: question regarding snort, acid, mysql, and redh at 7.3 Potts, Ross A. (Oct 28)
- <Possible follow-ups>
- RE: question regarding snort, acid, mysql, and redh at 7.3 Justin Jessup (Oct 28)
- snorters in d.c Alberto Gonzalez (Oct 28)