Snort mailing list archives
RE: No Activity Occurring on ACID
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 23 Jul 2004 13:12:34 -0500
--On Friday, July 23, 2004 11:42:05 AM -0400 "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG> wrote:
According to the messages file, snort is starting successfully. I also looked at the snort.conf stuff you sent, and that all looked OK. I'm not sure what the problem might be.I restarted Snort and checked the messages file for the appropriate entries. It looks like everything associated with the program started up successfully with the exception of stream for having a problem with an argument that I gave it. Could you please advise on that? I'm including an excerpt of the messages file for your perusal.
No, it wouldn't be. That's just a WARNING. If it said FATAL, snort would not run.I did log successfully into Snort using the mysql -u "user" -p so there should not be a problem with the snort user having access to the database. I verified the username and password that appear in the snort.conf file match those that I used from the command line. The command syntax that I used with the -T option was snort -T -A -i eth0 -c /etc/snort/snort.conf -v. It showed all plugin's loading successfully except for the min_ttl option for the stream4 plugin. I'll check that out, but I would be surprised if that alone could be the root cause of the problem.
Do not use the "-A" switch. That overrides your conf file, so that would prevent snort from logging to the database and force snort to only log to /var/log/snort/alert (if that's the default path for you).
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No Activity Occurring on ACID Kaplan, Andrew H. (Jul 22)
- Re: No Activity Occurring on ACID Paul Schmehl (Jul 22)
- <Possible follow-ups>
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 22)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)