Snort mailing list archives

RE: No Activity Occurring on ACID


From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Fri, 23 Jul 2004 07:26:54 -0400

I have MySQL installed on the system, and have configured the snort.conf file
with the following line:

output database: log, mysql, user=snort password=XXXXXX dbname=snort host=127.0.0.1 port=3306 sensor_name=rosnort

Snort is started at boot time via the /etc/init.d/snort script. Additionally, I
have started snort manually with the following command syntax:

/usr/local/bin/snort -A full -i eth0 -c /etc/snort/snort.conf -v

I did a check of the snort database to see if anything is being logged there.
When I run the select count (*) from event; command I get 0 which would appear
to indicate the data is not being posted into the database. If that is the case,
does that mean there is a permissions issue at work here, or something else?

FYI: To access the mysql database I ran the following command:
/usr/local/mysql/bin/mysql -p and provided the password.

-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper () phns com]
Sent: Thursday, July 22, 2004 7:09 PM
To: Kaplan, Andrew H.; snort-users () lists sourceforge net
Subject: RE: [Snort-users] No Activity Occurring on ACID


Are you logging to a database?  Check your output configuration in
snort.conf

How are you starting snort? 


Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper () phns com 


-----Original Message-----
From: Kaplan, Andrew H. [mailto:AHKAPLAN () PARTNERS ORG] 
Sent: Thursday, July 22, 2004 4:02 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] No Activity Occurring on ACID

Hi there --

Snort is running on our system but there is no activity occurring on the
ACID console. A check of the /var/log/snort/alert.log file indicated
that alerts were being tracked by the program. What settings do I need
to reconfigure to resolve this problem? Thanks.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




