Snort mailing list archives
Re: Acid shows sensors as 0
From: jacques brierre <jbrierre () bellsouth net>
Date: Sat, 27 Nov 2004 17:19:16 -0500
You can also avoid the screen dump of alerts and go directly for the count.

mysql> select COUNT(*) from event;
+----------+
| COUNT(*) |
+----------+
|    42991 |
+----------+
1 row in set (0.00 sec)

mysql>

-jb

Senthil Prabu.S wrote:

>> I run a GFI scan against snort machine from another computer and still
>> ACID shows nothing on its interface (it keeps showing Sensors 0). I have
>> only one network card installed in my Fedora machine which enters in
>> promiscuous mode (I can tell from the system logs) when snort starts.
>> As I said before, MySQL is running, snort connects to it, Snort is
>> running (I followed all the instructions of this guide
>> http://www.snort.org/docs/Snort_SSL_FC2.pdf for Fedora C2). Everything
>> seems OK to me except the fact that there is no data showing on ACID.
>> What is going on? Please help.
>
> Hi,
>
> [a]. Are you sure snort is creating alerts and log messages? Once you
> stop snort running in the foreground, you will see a drop-down menu
> listing snort activities; there you can find the count of alerts and
> logs generated by snort. Or check the log directory for the latest
> alerts and logs.
>
> [b]. Do you have the following line in your snort configuration file?
>
>     output database: log, mysql, user=root password=test dbname=db host=localhost
>
> If yes, get into your mysql database and execute the following commands:
>
>     mysql> use snort;
>     Database changed
>     mysql> select * from event;
>     .
>     .
>     8348 rows in set (0.46 sec)
>
> You will find a list of events from snort. This confirms that Snort has
> logged data to the database. If everything works well then I bet you ACID
> will bring them into your browser.
>
> --
> Senthil Prabu.S
> Logic is a systematic method of coming to the wrong conclusion with
> confidence.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Acid shows sensors as 0, (continued)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Kevin Johnson (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Kevin Johnson (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 23)
- Re: Acid shows sensors as 0 Gentian Hila (Nov 24)
- Re: Acid shows sensors as 0 Senthil Prabu.S (Nov 25)
- Re: Acid shows sensors as 0 jacques brierre (Nov 28)