Snort mailing list archives

The data can't be saved to the msyql

From: jiangzhw2008 <jiangzhw2008 () yeah net>
Date: Thu, 12 Feb 2009 13:12:28 +0800 (CST)

Dear all,
   I have installed the snort+acid+mysql+apache+phpAdmin on WinXP  on laptop 4 times,however,it seemes to have worked 
for a while,but now the data that the snort detected can't be saved to the mysql.When I run the following command:
snort -c "c:\snort\etc\snort.conf"  
it prompted"alert file log/alert.ids"doesnt exist,then i change to 
snort -c "c:\snort\etc\snort.conf" -l "c:\snort\log"
The console showed screens of information and stopped at the "using PCAP_FRAMES=65535"(Because it once showed "not 
using PCAP_FRAMES",so i set the PCAP_FRAMES as a environment variable ),maybe it is working now ,but when i opened the 
http://localhost:8080/acid ,the data displayed on the web page 
remained unchanged(ie keep the same to the data that detected 3 days ago)as well as the mysql database!I checked the 
infomation on the console and can't find any errors,the size of alert.ids in the c:\snort\log is 0 KB,the size of 
snort.log is only 1 KB ,I used the command:
snort -c "c:\snort\etc\snort.conf" -i5 -v
-i5 stands for the physical eth0(i've installed the vmware)
the infomation on console scrolled by and by.I found that the size of  alert.ids and snort.log became bigger and the 
data on the acid updated!Nevertheless,the detection of tcp was always 0% and i rerun the command above ,the data in 
mysql database kept unchanged and the alert.ids shrunk to 0 KB, though the information on the console showed on and on! 
In a word,there are  main problem:
1.when run the command:
snort -c c:\snort\etc\snort.conf –l c:\snort\log -dev
the information shown on the console stopped at the sentence at:
using PACP_FRMAES=65535
2.Even i run such command:
snort -c c:\snort\etc\snort.conf –l c:\snort\log -dev -i5
the information changed in time with detection while the mysql database unchanged and the size of aler.ids is 0 
KB,snort.log.* is 1 KB.
 
Best regards!
   jiangzhw2008 () yeah net

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

The data can't be saved to the msyql jiangzhw2008 (Feb 11)
- Re: The data can't be saved to the msyql Joel Esler (Feb 11)