Snort mailing list archives
Re: SNORT,ACID,MYSQL no alerts, please help....
From: Kevin Johnson <kjohnson () secureideas net>
Date: Mon, 25 Oct 2004 06:47:06 -0400
On Mon, 2004-10-25 at 00:32, zahid mohammed wrote:
> Hi,
>
> When snort (running as a service), ACID and mysql are run, does the snort log all the packets in the database or does it only log the packets which have triggered the alerts? I wanted to know this because my ACID is not showing any alerts. And when I check the database there is nothing logged in the database. I used third party tools like NMAP for port scanning, but there are no alerts.
>
> The line which I uncommented in snort is "output database: log, mysql, user=root dbname=snortdatabase host=localhost". I gave no password here because the same thing is given in mysql.ini and to the user (root) of snortdatabase created using DBTOOLS. username = root, and the password line is commented.
>
> Please help me in figuring out the problem.
>
> Thank you,
> Regards,
> ZAHID.

Hi-

First, can I recommend that you use a user other than root to write any data to your database. If you are not familiar with setting up users on mysql, there are some great tutorials on the web.

I have a few questions for you to help us help you:
- Were there any error messages when you started Snort?
- Was it running when you performed the port scans?
- Are you configured to alert on portscans?

I would recommend that you read the document below to help you get started.
http://www.snort.org/docs/Snort_SSL_FC2.pdf
This file is specific to Fedora Core 2 but the principles are the same on most O/S's.

Thanks
Kevin
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
The next step in IDS analysis!
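
The recommendation above, not to write to the database as root, can be checked mechanically. The following is an added example, not part of the original messages and not code from the Snort project: a small Python check that parses the "output database:" line quoted in the question and flags a root account or a missing password. The account name "snortwriter" and the placeholder password are assumptions made for illustration.

```python
import re

# Constructed sample lines: the first mirrors the directive quoted in the
# question; the second uses a hypothetical dedicated account "snortwriter".
AS_POSTED = "output database: log, mysql, user=root dbname=snortdatabase host=localhost"
DEDICATED = ("output database: log, mysql, user=snortwriter "
             "password=<placeholder> dbname=snortdatabase host=localhost")

# output database: <facility>, <dbtype>, key=value key=value ...
DIRECTIVE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_output_database(line):
    """Return (facility, dbtype, params), or None if the line is not an
    active 'output database:' directive (for example, still commented out)."""
    m = DIRECTIVE.match(line)
    if not m:
        return None
    facility, dbtype, rest = m.groups()
    params = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return facility, dbtype, params

def audit(line):
    """List credential findings for one snort.conf line (empty list = ok)."""
    parsed = parse_output_database(line)
    if parsed is None:
        return ["not an active output database directive"]
    _, _, params = parsed
    findings = []
    if params.get("user", "").lower() == "root":
        findings.append("writes to the database as root")
    if not params.get("password"):
        findings.append("no password set for the database account")
    if "dbname" not in params:
        findings.append("dbname missing")
    return findings

if __name__ == "__main__":
    for line in (AS_POSTED, DEDICATED, "# " + AS_POSTED):
        print(line, "->", audit(line) or "ok")
```
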