Snort mailing list archives

RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0


From: "Michael Steele" <michaels () winsnort com>
Date: Sat, 14 Jun 2003 10:11:23 -0700

If the connection on the master is severed for whatever reason, the slaves
may need to be kick-started to refresh the MySQL connection.

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Allyn
Baskerville
Sent: Saturday, June 14, 2003 9:31 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] New Installation - Problem with No Alerts with
Snort, MySQL, SnortCenter and ACID on Redhat 9.0

Thanks Michael for the help. The 9th rule appears to be bad, which kept the
database from being loaded. I'm not really sure how this is to work, but
even after I removed the bad rule and selected "push and reload" from the
SnortCenter "Sensor Console", ACID still showed no active sensors. However,
after I stopped and started the sensors from the "Sensor Console", ACID now
sees both sensors and is logging alerts. Thanks again. Allyn


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael
Steele
Sent: Saturday, June 14, 2003 1:20 AM
To: allynb () adsne com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] New Installation - Problem with No Alerts
with Snort, MySQL, SnortCenter and ACID on Redhat 9.0


Is Snort even seeing any traffic ('snort -i<interface> -v')?

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician
 mailto:michaels () winsnort com
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Allyn
Baskerville
Sent: Friday, June 13, 2003 10:13 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] New Installation - Problem with No Alerts with Snort,
MySQL, SnortCenter and ACID on Redhat 9.0

I finally got the Snort Enterprise Implementation (by Steven Scott)
completed. I have some slightly different files than the manual as only
newer ones were available for downloading. Additionally, all components of
the IDS are installed on a single machine with 3 NICs. Two do not have an IP
address bound to the adapters, and the 3rd is the one with the private IP. I
can't find a single error in any of the logs, all web pages open and
function as expected, and the sensors, SnortCenter, ACID, and MySQL are
running. I verified that I had port mirroring set up on the switches, but
just in case I put the external sensor on a hub. I've selected all
parameters possible on the sensors, and I've also performed scans. I simply
cannot get an alert to show up on ACID, and when I look at the database the
count equals 0. For grins, I also enabled Snort on the NIC with an IP
address and scanned it. It also didn't turn up any alerts.

Thanks for any assistance. Allyn



-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




