Snort mailing list archives
RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0
From: "Allyn Baskerville" <allynb () adsne com>
Date: Sat, 14 Jun 2003 11:30:51 -0500
Thanks Michael for the help. The 9th rule appears to be bad, which kept the database from being loaded. I'm not really sure how this is to work, but even after I removed the bad rule and selected "push and reload" from the SnortCenter "Sensor Console", ACID still showed no active sensors. However, after I stopped and started the sensors from the "Sensor Console", ACID now sees both sensors and is logging alerts.

Thanks again.

Allyn

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Saturday, June 14, 2003 1:20 AM
To: allynb () adsne com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0

Is snort even seeing any traffic 'snort -i<interface> -v'

Cheers...
-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Allyn Baskerville
Sent: Friday, June 13, 2003 10:13 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0

I finally got the Snort Enterprise Implementation (by Steven Scott) completed. I have some slightly different files than the manual as only newer ones were available for downloading. Additionally, all components of the IDS are installed on a single machine with 3 NICs. Two do not have an IP address bound to the adapters, and the 3rd is the one with the private IP. I can't find a single error in any of the logs, all web pages open and function as expected, and the sensors, SnortCenter, ACID, and MySQL are running.

I verified that I had port mirroring set up on the switches, but just in case I put the external sensor on a hub. I've selected all parameters possible on the sensors, and I've also performed scans. I simply cannot get an alert to show up on ACID, and when I look at the database the count equals 0. For grins, I also enabled Snort on the NIC with an IP address and scanned it. It also didn't turn up any alerts.

Thanks for any assistance.

Allyn

-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 13)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Michael Steele (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Allyn Baskerville (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Michael Steele (Jun 14)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0 Michael Steele (Jun 14)