Re: [Snort-users] Snort 2.0.0 logging to MySQL, but nothing in

Kevin Johnson, 10-20-2004

On Tue, 2004-10-19 at 16:29, Williams Jon wrote:
> I'm having a pretty bad brain fart. Some time this morning, one of our
> ACID consoles stopped working. We've confirmed that all of our sensors
> are seeing data and generating alerts, that the MySQL port is open
> between all of the sensors and the DB server, that MySQL is running and
> accepting connections on the port the sensors are connecting to, and
> that the sensors are writing data to the database.
>
> When I go into ACID, it shows no alerts and no sensors, but if I click
> on the "Application cache and status" link, the Alert Information Cache
> section shows the correct number of alerts under "Total Events".
> Clicking on "Repair Tables" and "Update Alert Cache" have no effect on
> the problem, nor did restarting the web server, MySQL server, and
> rebooting the box.
>
> Fortunately, we've got a second DB server. When we repointed the
> sensors to the second server, everything works fine there.
>
> While I was logged into the box around the time that the problem
> occurred, and there were no other users logged in at all since before
> the problem, I have no clear recollection of any actions that had
> anything to do with PHP, the web server, ACID, or MySQL.
>
> Any suggestions? Any idea how I shot myself in the foot?
>
> Thanks.
>
> Jon


Hi-

If you access the original database server directly, are the alerts
still there? Is there anything in the logs? I would set the two below
variables in acid_conf.php if you can't find anything else....

$sql_trace_mode = 0;
$sql_trace_file = "";

Feel free to respond with any more information and I can try to help.
Kevin
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
The next step in IDS analysis!
