Snort mailing list archives
Re: Arrrghhh!!...help..me...
From: Erek Adams <erek () snort org>
Date: Thu, 29 May 2003 10:02:28 -0400 (EDT)
On Wed, 28 May 2003, Tim wrote:
Frustration has set in and the answer is probably under my nose and I can't see it. I really need for someone to please point it out for me. I'm not new to Snort or to configuring ACID and MySQL with its accompanying programs in order to help view alerts in ACID, i.e., gd, php, phplot, etc. JPGraph is new and I haven't had a chance to play with it yet. First, I'm running RH 7.3 completely updated through the RHN on two machines; hardware is exactly the same on both machines: plenty of processing power and memory, 500 MHz/256 MB and a 9 GB IDE drive. Plenty for my little home-network lab. The firewall is the latest version of iptables on a separate machine with the same (3 NICs) hardware, totally set up and functional. On the Snort (version 2.0) machine I have 4 NICs, one for management and the other three for the sensors.
[...snip...]
This should be enough for me to be able to start Snort and log alerts to the database and view them with ACID, or at least I thought so. It seems that the sensors are being inserted into the MySQL database; however, they are not viewable through ACID, and Snort is not logging alerts to the database, even though it does capture packets and they are viewable in real time through the output on screen. No error messages from anywhere that I have been able to see so far ("tail -100 /var/log/messages"). I know, I know, switch from log to alert in the output database line, but I have done that to no avail. Snort fires up correctly, and the fact that the sensors are being inserted into the database shows me that there is connectivity with the MySQL snort database. I'm at a loss. Any help will be gratefully appreciated. I have re-installed the system twice now and am on the brink of sheer frustration. The funny thing is that I have installed the Snort/ACID IDS system prior to Snort 2.0 without much trouble on numerous occasions.
Ok, so check your DB. Log in to MySQL and do a 'select * from sid' and see what you get. If you get anything, then Snort is sending the data to the DB.

Cheers!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
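The database check Erek suggests, spelled out as an added example (this is not code from the original post or from the Snort project). It assumes the stock Snort 2.0 MySQL schema created by the contrib/create_mysql script, where each Snort process registers a row in the sensor table and alerts land in event joined to signature, a database named snort, and a Snort DB account of 'snort'@'localhost'; adjust those names to match your snort.conf "output database:" line.

```sql
-- Added example: verify that Snort is really writing to MySQL.
-- Assumes the schema from Snort's contrib/create_mysql
-- (tables sensor, event, signature) and a database named "snort".
USE snort;

-- 1. Did each Snort process register itself?  One row per sensor/interface.
--    last_cid is the id of the last event that sensor wrote; a sensor row
--    with last_cid = 0 means Snort connected at startup but has never
--    inserted an alert, which separates "connectivity" from "alerts logged".
SELECT sid, hostname, interface, detail, encoding, last_cid
  FROM sensor;

-- 2. Are any events arriving at all, and from which sensor?
SELECT s.sid, s.hostname, s.interface,
       COUNT(e.cid)     AS events,
       MAX(e.timestamp) AS latest
  FROM sensor s
  LEFT JOIN event e ON e.sid = s.sid
 GROUP BY s.sid, s.hostname, s.interface;

-- 3. The most recent alerts with their rule names, i.e. what ACID should
--    be displaying.  Rows here but nothing in ACID points at the
--    ACID/PHP configuration rather than at Snort's database output.
SELECT e.sid, e.cid, e.timestamp, sig.sig_name
  FROM event e
  JOIN signature sig ON sig.sig_id = e.signature
 ORDER BY e.timestamp DESC
 LIMIT 20;

-- 4. Can the account from snort.conf's "output database:" line insert?
--    Run as the MySQL root user.  Snort needs INSERT, SELECT and UPDATE
--    on the snort database for the exact user@host it connects as;
--    'snort'@'localhost' is an assumed value, substitute your own.
SHOW GRANTS FOR 'snort'@'localhost';
```

Read the results in order: step 1 empty means Snort never reached the database; step 1 populated with last_cid at 0 and step 2 showing zero events means the connection works but no alert is being written, so look at the output plugin mode and at whether any rule actually fires on the traffic; step 3 populated means the data is there and the remaining problem is in ACID.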
Current thread:
- Arrrghhh!!...help..me... Tim (May 29)
- Re: Arrrghhh!!...help..me... Erek Adams (May 29)
- Re: Arrrghhh!!...help..me... Jason Boykin (May 29)
- Re: Arrrghhh!!...help..me... Erek Adams (May 29)