Snort mailing list archives

RE: No Activity Occurring on ACID


From: "Harper, Patrick" <patrick.harper () phns com>
Date: Fri, 23 Jul 2004 08:30:49 -0500

Drop the -A full, that is default, and always remember the command line
overrides the conf file (unless I am misunderstanding the manual, and
that could easily be the case).  I try to set all the options I can in
the conf file, but that's me.  Do you have anything in /var/log/snort?
Try the following to crank it up.   

/usr/local/bin/snort -c /etc/snort/snort.conf 

http://www.snort.org/docs/snort_manual/node6.html
Note that command line logging options override any output options
specified in the configuration file. This allows debugging of
configuration issues quickly via the command line. 

I may be misunderstanding it

-----Original Message-----
From: Kaplan, Andrew H. [mailto:AHKAPLAN () PARTNERS ORG] 
Sent: Friday, July 23, 2004 6:27 AM
To: Harper, Patrick
Cc: Snort User Group (E-mail)
Subject: RE: [Snort-users] No Activity Occurring on ACID

I have MySQL installed on the system, and have configured the snort.conf
file with the following line:

output database: log, mysql, user=snort password=XXXXXX dbname=snort
host=127.0.0.1 port=3306 sensor_name=rosnort

Snort is started at boot time via the /etc/init.d/snort script.
Additionally, I have started snort manually with the following command
syntax:

/usr/local/bin/snort -A full -i eth0 -c /etc/snort/snort.conf -v

I did a check of the snort database to see if anything is being logged
there.
When I run the select count (*) from event; command I get 0 which would
appear to indicate the data is not being posted into the database. If
that is the case, does that mean there is a permissions issue at work
here, or something else?

FYI: To access the mysql database I ran the following command:
/usr/local/mysql/bin/mysql -p and provided the password.

-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper () phns com]
Sent: Thursday, July 22, 2004 7:09 PM
To: Kaplan, Andrew H.; snort-users () lists sourceforge net
Subject: RE: [Snort-users] No Activity Occurring on ACID


Are you logging to a database?  Check your output configuration in
snort.conf

How are you starting snort? 


Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper () phns com 


-----Original Message-----
From: Kaplan, Andrew H. [mailto:AHKAPLAN () PARTNERS ORG]
Sent: Thursday, July 22, 2004 4:02 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] No Activity Occurring on ACID

Hi there --

Snort is running on our system but there is no activity occurring on the
ACID console. A check of the /var/log/snort/alert.log file indicated
that alerts were being tracked by the program. What settings do I need
to reconfigure to resolve this problem? Thanks.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination, use or reproduction is strictly prohibited. If you have
received this message in error, please delete it and notify the sender
immediately. 
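
The manual passage quoted in the thread, turned into a pre-flight check. This is an added example, not part of the original messages and not Snort's own code. The function names are hypothetical, the configuration text is constructed from the line quoted in the thread, and treating -K, -b, -N and -s as logging switches alongside the -A shown in the thread is an assumption.

```python
import re
import shlex

# Switches treated as "command line logging options". The thread only shows -A;
# listing -K, -b, -N and -s with it is an assumption of this example.
TAKES_ARG = ("-A", "-K")
NO_ARG = ("-b", "-N", "-s")
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")

# Constructed sample: the output line quoted in the thread plus a commented-out one.
SAMPLE_CONF = """\
output database: log, mysql, user=snort password=XXXXXX dbname=snort host=127.0.0.1 port=3306 sensor_name=rosnort
# output alert_syslog: LOG_AUTH LOG_ALERT
"""


def logging_switches(cmdline):
    """Return the logging switches (with their argument) on a snort command line."""
    tokens = shlex.split(cmdline)
    found = []
    for i, tok in enumerate(tokens):
        if tok in NO_ARG:
            found.append(tok)
        elif tok in TAKES_ARG:
            arg = tokens[i + 1] if i + 1 < len(tokens) else ""
            found.append(f"{tok} {arg}".strip())
        elif tok[:2] in TAKES_ARG:  # attached form such as -Afull
            found.append(f"{tok[:2]} {tok[2:]}")
    return found


def output_plugins(conf_text):
    """Return (plugin, arguments) for every active 'output' line in snort.conf text."""
    plugins = []
    for line in conf_text.splitlines():
        match = OUTPUT_RE.match(line.split("#", 1)[0])  # ignore comments
        if match:
            plugins.append((match.group(1), match.group(2).strip()))
    return plugins


def check(cmdline, conf_text):
    """List conf-file outputs that the command line would take precedence over."""
    switches = logging_switches(cmdline)
    if not switches:
        return []
    return [f"output {name} may be ignored because of {', '.join(switches)}"
            for name, _ in output_plugins(conf_text)]
```

Switches clustered into one token (for example `-vb`) are not split apart by this check.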






