Snort mailing list archives
Re: Snort, php, MySQL and acid showing no activity
From: "Joshua Rogers" <josh () ipws com>
Date: Fri, 23 Aug 2002 15:42:08 -0600
Time for a 'silly' question: You are using the db output plugin? Does
snort
give you any errors when you start it?
This is the output db line I am using in my snort.conf: 'output database: log, mysql, user=snort password=****** dbname=snort host=localhost detail=full' If I read this right, snort first sends the info to the log, then to mysql. But I have no entries in my log files either. Snort does not give me any errors when I start it. It just plugs along happily and shows up after I have started it in the 'ps uxaww' list. Joshua Rogers Webmaster InterPlanetary Web Services 303-940-2597 IBO# 60092 ----- Original Message ----- From: "Erek Adams" <erek () theadamsfamily net> To: "Joshua Rogers" <josh () ipws com> Cc: <Snort-users () lists sourceforge net> Sent: Friday, August 23, 2002 3:25 PM Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no activity
On Fri, 23 Aug 2002, Joshua Rogers wrote: [...snip...]* Verify that snort is working. 'snort -vade' should show traffic on
your
network. It works and shows traffic on the network. I copied some output above.Good. One less thing to worry about. :)* Check your snort.conf. Check HOME_NET and EXTERNAL_NET, to be sure they are set for the correct ranges.I have the HOME_NET set for each class c; var HOME_NET [63.229.251.0/24,65.101.195.0/24,65.103.101.0/24,65.125.152.0/23] but my EXTERNAL_NET is set like this: var EXTERNAL_NET $HOME_NET Should external net say 'any'?Well... It depends. I tend to define EXTERNAL_NET as "!$HOME_NET" since that's what I'm interested in. If you want to see possible attacks 'coming and going' then change it to "any".* If the MySQL host and snort host are different, make sure you can connect from one to the other.The MySQL host and snort are on the same machine.Ok. Should work fine. Time for a 'silly' question: You are using the db output plugin? Does
snort
give you any errors when you start it? ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net
------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Snort, php, MySQL and acid showing no activity, (continued)
- RE: Snort, php, MySQL and acid showing no activity Demetri Mouratis (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Demetri Mouratis (Aug 23)
- RE: Snort, php, MySQL and acid showing no activity Rafeeq Ur Rehman (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Erek Adams (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Jim Burwell (Aug 23)
- RE: Snort, php, MySQL and acid showing no activity Demetri Mouratis (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Phil Wood (Aug 23)
- RE: Snort, php, MySQL and acid showing no activity McClure Gammon (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Erek Adams (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)
- Re: Snort, php, MySQL and acid showing no activity Joshua Rogers (Aug 23)