Snort mailing list archives

Unknown Sensor

From: "James M. Driskell" <jdriskell () ups edu>
Date: Fri, 21 Feb 2003 12:49:44 -0800

Hi all.

 

I'm stumped.  I'm running two sensors feeding a single snort mysql
database.  I stop and restart each sensor daily to clear and rebuild the
alert and scan.logs on the sensors.  Otherwise these files fill up the
hard drives of the sensors.  I always wind up with an unknown sensor
replacing the snort1 sensor.  I've even created separate mysql user
names and passwords for each sensor but that didn't seem to help.  I
appreciate any help solving this problem.

 

mysql> select * from sensor;

+-----+----------------------+-------------+-----------+---------+------
-------+------------+

| sid  | hostname        | interface | filter     | detail | encoding |
last_cid |

+-----+----------------------+-------------+-----------+---------+------
-------+------------+

|   1  | snort1:eth1      | eth1       | NULL   |       1 |            0
|     3409 |

|   2  | snort2:eth1      | eth1       | NULL   |       1 |            0
|          0 |

|   3  | unknown:eth1  | eth1       | NULL   |       1 |            0 |
0 |

+-----+----------------------+-------------+----------+---------+-------
------+------------+

3 rows in set (0.00 sec)

 

I'm running linux 7.3, snort 1.9, php 4.1.2 and acid 09.6b23 and mysql
3.23.54a

 

Thanks in advance.

 

Jim Driskell

University of Puget Sound

Current thread:

Unknown Sensor James M. Driskell (Feb 21)
- <Possible follow-ups>
- RE: Unknown Sensor Schmehl, Paul L (Feb 21)