Snort mailing list archives

TCP and ACID


From: "Kromodimedjo, John" <kromodimedjoj () unaids org>
Date: Wed, 31 Mar 2004 14:55:34 +0200

Hi all,

I have installed Snort with ACID on MSSQL. So far, so good. I left
it running for one night and I know it captured TCP packets, but nothing
comes up in ACID.

Do you know what I am doing wrong??

Here is part of my snort.conf.

Thanks.

John
UNAIDS-Geneva


-----------------------------------


# Network variables referenced by the rule files.
# HOME_NET and EXTERNAL_NET are both "any", so a rule written as
# $EXTERNAL_NET -> $HOME_NET matches traffic in every direction, and each
# *_SERVERS variable below inherits that value through $HOME_NET.
# NOTE(review): narrowing HOME_NET to the monitored address range usually cuts
# false positives; confirm the intended range for this sensor.
var HOME_NET any
var EXTERNAL_NET any
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
var HTTP_PORTS 80
# Every port except 80.
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521

# NOTE(review): the address list is split over three lines here, which looks
# like mail wrapping; in the real file it presumably sits on a single line
# with the variable name. Confirm, because a broken list would not parse.
var AIM_SERVERS
[64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,
64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]

# Directory that rule files are loaded from.
# NOTE(review): nothing in the posted excerpt includes a rule file from
# RULE_PATH. The poster says this is only part of the file, so confirm the
# rule includes exist; without rules few events are generated at all.
var RULE_PATH d:\snort\rules
# Preprocessors: these run on each packet before the detection rules.
# Flow tracking, configured with stats_interval 0 and hash 2.
preprocessor flow: stats_interval 0 hash 2
# IP fragment handling.
preprocessor frag2
# TCP stream tracking. disable_evasion_alerts switches off stream4's own
# alerts for suspected TCP evasion, so those conditions are not reported.
preprocessor stream4: disable_evasion_alerts
# TCP stream reassembly with its default settings.
preprocessor stream4_reassemble
# Global HTTP inspection settings: the Unicode map file and code page 1252.
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252 

# Default HTTP server profile, applied to ports 80, 8080 and 8180.
# HTTP_PORTS is set to 80 only, so rules that use $HTTP_PORTS do not
# cover 8080 or 8180 even though those ports are inspected here.
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500


# RPC decoding on ports 111 and 32771.
preprocessor rpc_decode: 111 32771
# Back Orifice traffic detection.
preprocessor bo
# Telnet decoding.
preprocessor telnet_decode

# Portscan detection over $HOME_NET (here "any"), with the values 4 and 3,
# logging to the file named last.
# NOTE(review): 4 and 3 are presumably the port-count threshold and the
# detection period in seconds; confirm against the Snort documentation.
preprocessor portscan:$HOME_NET 4 3 d:\snort\log\portscan.log

# Output plugins. alert_fast writes one-line alerts to alert.ids.
output alert_fast:alert.ids

# Database output to the MSSQL server that ACID reads from. The plugin is
# attached to both the log and the alert facility.
# NOTE(review): the database plugin stores events raised by rules and
# preprocessors, not every captured packet. An empty ACID view is consistent
# with no events being generated, so check that rule files are loaded.
# NOTE(review): each "output database" directive is split over two lines here,
# which looks like mail wrapping; confirm that in the real file each directive
# is on one line.
# NOTE(review): the account name, password and server address are stored in
# clear text, and this copy was posted to a public list. Rotate the password,
# restrict read access to snort.conf, and confirm the account has only the
# rights the sensor needs.
output database: log, mssql, user=snort password=snort123 dbname=snort
host=158.232.85.36 port=1433 sensor_name=GE-3E-06
output database: alert, mssql, user=snort password=snort123 dbname=snort
host=158.232.85.36 port=1433 sensor_name=GE-3E-06


# Classification and reference definitions used by the rules.
include d:\snort\etc\classification.config
include d:\snort\etc\reference.config



