Snort mailing list archives
Re: Beginner Help...
From: cc <cc () belfordhk com>
Date: Fri, 01 Aug 2003 09:38:55 +0800
Stevo wrote:
I have 2 interfaces in my Snort box, one for management and one for sniffing. The sniffer interface is connected to a switch (Cat4006) and I'm spanning our uplink port to the sniffer interface. I know that's working because if I do a tcpdump -i eth1 (the sniffer interface) I see ALL the traffic from our network... Snort is running and supposibly logging the my mysql db - should I see the number of records increasing in a certain table to make sure
Have you tested out whether or not snort is indeed sending info to your MySQL db? ACID only reports what it sees and if there's no data, it can't show you anything.
the data is in fact being logged there successfully?? I've been
There are some ways of doing this. Basically go to both your
snort boxes and try the mysql command using the username and password
and host and see if you can connect to the db. if so, then it
works. Otherwise you might have some problems with the setup.
HTH
--
email: cc () belfordhk com | "A man who knows not where he goes,
| knows not when he arrives."
| - Anon
** All information contained in this email is strictly **
** confidential and may be used by the intended receipient **
** only. **
Current thread:
- Beginner Help... Stevo (Jul 31)
- Re: Beginner Help... cc (Jul 31)
- Re: Beginner Help... Erek Adams (Aug 01)
- Re: Beginner Help... Stevo (Aug 01)
- Re: Beginner Help... Erek Adams (Aug 01)
- Re: Beginner Help... Stevo (Aug 01)
- Re: Beginner Help... Patrick S. Harper - CISSP (Aug 01)
- Re: Beginner Help... Stevo (Aug 01)
- <Possible follow-ups>
- FW: Beginner Help... support (Jul 31)
- Re: FW: Beginner Help... Erek Adams (Aug 01)
- Re: FW: Beginner Help... Stevo (Aug 01)
- RE: FW: Beginner Help... Brian Gregorcy (Aug 01)
- Re: FW: Beginner Help... Erek Adams (Aug 01)
- Re: FW: Beginner Help... Erek Adams (Aug 01)