Snort mailing list archives
What Might I have Missed? RH72, Snort, MySql, PHP, Adodb, Acid
From: "Bruce D. meyer" <bdmeyer () kg4tac net>
Date: Wed, 7 Apr 2004 07:01:21 -0400
Following various bits of info from the Snort 2.0 book by Jay Beale, this web site: http://www.sfhn.net/whites/snort_acid-rpm.html and this PDF file: http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf, I seem to have almost everything working correctly.

I can go to Shields Up at grc.com, put the machine on my DMZ, tell Shields Up to do a full port scan, and top shows an occasional jump of Snort-Mysql, and the log directory shows the attempts. (I am using "alert, mysql" in the conf file, as opposed to "log, mysql".) So, Snort is seeing the port scans and I see in the alert file that it is logging them.

Oddly, ACID shows zero intrusions or records of any kind. GD and everything else SEEMS to be functioning, but it seems like ACID just isn't reading the database, or else MySQL isn't getting the data.

I am not a big MySQL, ACID, ADOdb, or PHP expert at all; I just followed a lot of directions and beat my head on the keyboard for a while until things all started to work. I am hoping someone can point me in a general direction for tonight's troubleshooting session.

My thoughts are that either:

a.) The data isn't getting written to MySQL (so I need to view all the tables in the 'snort' database somehow), or

b.) ACID is not reading the MySQL 'snort' database, but isn't writing errors to /var/log/messages, /var/log/security, or any other log files in that directory that I am grepping. (It could just be that I am not grepping for the correct string; I am not sure what I am looking for except MySQL...)

Just a hint would be very helpful. This is so much fun, I almost want to take a vacation day to keep working on this.... (That's like a bad thing, right?)

Bruce D. Meyer
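The two hypotheses in the post (a: Snort's database output plugin is not writing rows; b: ACID is not reading them) can be separated with a few queries run directly in the mysql client. The following is an added diagnostic, not part of Bruce's message or of the Snort/ACID distributions. It assumes the database is named snort and was created with the create_mysql schema that ships with Snort 2.0 (tables sensor, event, signature, iphdr), and that ACID's companion tables were meant to be created by create_acid_tbls_mysql.sql; the account name 'acid'@'localhost' in the last query is an assumed example and should be replaced with whatever acid_conf.php uses.

```sql
-- Added diagnostic, not from the original post. Assumes database 'snort'
-- built from Snort 2.0's create_mysql schema.
USE snort;

-- 1. Did the Snort output plugin ever connect? Snort inserts a sensor row
--    on startup and advances last_cid with every alert it stores.
SELECT sid, hostname, interface, last_cid FROM sensor;

-- 2. Are any events present, and how recent is the newest one?
--    Zero rows here while the alert file fills up means hypothesis (a).
SELECT COUNT(*) AS events, MAX(timestamp) AS newest FROM event;

-- 3. The most recent ten alerts, with signature name and addresses,
--    to confirm the port-scan traffic is what is being stored.
SELECT e.sid, e.cid, e.timestamp, s.sig_name,
       INET_NTOA(i.ip_src) AS src, INET_NTOA(i.ip_dst) AS dst
FROM event e
JOIN signature s ON s.sig_id = e.signature
LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
ORDER BY e.timestamp DESC
LIMIT 10;

-- 4. ACID keeps its own tables beside Snort's. If events exist but this
--    returns nothing, ACID's setup step (create_acid_tbls_mysql.sql, or
--    the "Setup page" in the web UI) has not been run: hypothesis (b).
SHOW TABLES LIKE 'acid%';

-- 5. Does the account ACID logs in with have SELECT/INSERT on snort.*?
--    Run as the MySQL root user; 'acid'@'localhost' is an assumed name.
SHOW GRANTS FOR 'acid'@'localhost';
```

If query 2 already shows rows, the Snort side is fine and the problem is in ACID's configuration (wrong $alert_dbname, $alert_user or $alert_password in acid_conf.php, or missing acid_* tables); if it shows zero, check the output database: line in snort.conf and the privileges of the user Snort connects as, since the MySQL plugin's errors go to Snort's own stderr or syslog output rather than to ACID.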
Current thread:
- What Might I have Missed? RH72, Snort, MySql, PHP, Adodb, Acid Bruce D. meyer (Apr 07)
- Re: What Might I have Missed? RH72, Snort, MySql, PHP, Adodb, Acid Alejandro Flores (Apr 07)