Snort mailing list archives

Re: SNORT,ACID,MYSQL no alerts, please help....


From: Kevin Johnson <kjohnson () secureideas net>
Date: Mon, 25 Oct 2004 06:47:06 -0400

On Mon, 2004-10-25 at 00:32, zahid mohammed wrote:
Hi,
When Snort (running as a service), ACID and MySQL are run, does
Snort log all the packets in the database or does it only log the
packets which have triggered the alerts? I wanted to know this
because my ACID is not showing any alerts. And when I check the
database there is nothing logged in the database. I used third-party
tools like NMAP for port scanning, but there are no alerts. The line
which I uncommented in Snort is
"output database: log, mysql, user=root  dbname=snortdatabase
host=localhost". I gave no password here because the same thing is
given in mysql.ini and to the user (root) of snortdatabase created
using DBTOOLS. username = root, and the password line is commented.
Please help me in figuring out the problem.
Thank you, 
Regards,
ZAHID.

Hi-

First, can I recommend that you use a user other than root to write any
data to your database.  If you are not familiar with setting up users on
mysql, there are some great tutorials on the web.

I have a few questions for you to help us help you:

- Were there any error messages when you started Snort?
- Was it running when you performed the port scans?
- Are you configured to alert on portscans?

I would recommend that you read the document below to help you get
started.  
http://www.snort.org/docs/Snort_SSL_FC2.pdf

This file is specific to Fedora Core 2 but the principles are the same
on most O/S's.

Thanks
Kevin
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
The next step in IDS analysis!
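
Added example, not part of the original messages and not code from Snort, ACID or BASE: a small check that parses an `output database` directive and flags the two account weaknesses raised in this thread (writing as root, and no password). The parameter names are the ones the Snort database output plugin accepts; the hardened line, the account name `snort_writer` and the finding codes are constructed for illustration.

```python
import re

# Parameter names accepted by Snort's database output plugin.
KNOWN_PARAMS = {"host", "port", "dbname", "user", "password",
                "sensor_name", "encoding", "detail"}

# Directive as quoted in the question, joined onto one line.
POSTED_LINE = ("output database: log, mysql, user=root  "
               "dbname=snortdatabase host=localhost")
# Constructed counter-example: dedicated account (hypothetical name) with a password.
HARDENED_LINE = ("output database: log, mysql, user=snort_writer "
                 "password=CHANGE_ME dbname=snortdatabase host=localhost")


def parse_output_database(line):
    """Split 'output database: <facility>, <dbtype>, <key=value ...>'."""
    m = re.match(r"\s*output\s+database\s*:\s*(.*)$", line)
    if not m:
        raise ValueError("not an 'output database' directive")
    parts = [p.strip() for p in m.group(1).split(",", 2)]
    if len(parts) < 3:
        raise ValueError("expected facility, database type and parameters")
    facility, dbtype, rest = parts
    # Parameters are whitespace-separated key=value pairs.
    params = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return facility, dbtype, params


def audit(line):
    """Return a list of (code, message) findings for one directive."""
    facility, _dbtype, params = parse_output_database(line)
    findings = []
    if facility not in ("log", "alert"):
        findings.append(("bad-facility", f"facility must be log or alert, got {facility!r}"))
    if params.get("user") == "root":
        findings.append(("root-user", "sensor writes to the database as root; use a dedicated account"))
    if not params.get("password"):
        findings.append(("no-password", "no password given; this only works if the account has an empty password"))
    if "dbname" not in params:
        findings.append(("no-dbname", "dbname is missing"))
    for name in sorted(set(params) - KNOWN_PARAMS):
        findings.append(("unknown-param", f"unrecognised parameter {name!r}"))
    return findings


if __name__ == "__main__":
    for label, line in (("posted", POSTED_LINE), ("hardened", HARDENED_LINE)):
        print(label, audit(line) or "no findings")
```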




