Snort mailing list archives
TCP and ACID
From: "Kromodimedjo, John" <kromodimedjoj () unaids org>
Date: Wed, 31 Mar 2004 14:55:34 +0200
Hi all,

I have installed snort with ACID on MSSQL. So far, so good. I have left it running for one night and I know it captured TCP packets but nothing comes up in ACID. Do you know what I am doing wrong??

Here is part of my snort.conf.

Thanks.

John
UNAIDS-Geneva

-----------------------------------
var HOME_NET any
var EXTERNAL_NET any
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
var RULE_PATH d:\snort\rules
preprocessor flow: stats_interval 0 hash 2
preprocessor frag2
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor portscan:$HOME_NET 4 3 d:\snort\log\portscan.log
output alert_fast:alert.ids
output database: log, mssql, user=snort password=snort123 dbname=snort host=158.232.85.36 port=1433 sensor_name=GE-3E-06
output database: alert, mssql, user=snort password=snort123 dbname=snort host=158.232.85.36 port=1433 sensor_name=GE-3E-06
include d:\snort\etc\classification.config
include d:\snort\etc\reference.config