Snort mailing list archives
FW: Beginner Help...
From: <support () nps-dc org>
Date: Thu, 31 Jul 2003 21:29:33 -0400
I've set up 3 boxes in 10 days using that acid/rh9.0 howto (my first 3) - and each time the same thing happened to me.

Check your MySQL snort dbase, and the table called 'events'. If (after running Nessus/NMAP at your sensor) the table's empty, it's that snort isn't writing to the dbase. (This was the case for me.) I double checked everything to no avail (I did have a MySQL user named snort who has/had INSERT rights like the howto said...).

As a work-around: in the snort.conf file, if I switch the MySQL user to 'root' instead of 'snort', then snort can write to MySQL, and ACID has some data to display.

OT: how big a security issue is this?

Fernando

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Stevo
Sent: Thursday, July 31, 2003 5:50 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Beginner Help...

Hey All,

Sorry for the stupid questions... and I have RTFM'ed, but I just need some quick answers!!

I've got Snort set up as per the http://www.snort.org/docs/snort_acid_rh9.pdf instructions... but I don't see any alerts at all in ACID.

I have 2 interfaces in my Snort box, one for management and one for sniffing. The sniffer interface is connected to a switch (Cat4006) and I'm spanning our uplink port to the sniffer interface. I know that's working because if I do a tcpdump -i eth1 (the sniffer interface) I see ALL the traffic from our network...

Snort is running and supposedly logging to my mysql db - should I see the number of records increasing in a certain table to make sure the data is in fact being logged there successfully??

I've been using Retina to scan my network to attempt to generate alerts, but that hasn't worked. Is there another tool I could use to generate "naughty" traffic??

Does anyone have anything else I can check??

Thanks
Stevo