Re: [Snort-users] Acid shows sensors as 0
This is a discussion on Re: [Snort-users] Acid shows sensors as 0 within the Snort forums, part of the System Security and Security Related category; --=-uRJ8dCnJmrhVp9Revgiw Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2004-11-23 at 15:21, Gentian Hila ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-23-2004
|
|||
|
|||
Re: [Snort-users] Acid shows sensors as 0
--=-uRJ8dCnJmrhVp9Revgiw Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2004-11-23 at 15:21, Gentian Hila wrote: > The line that configures snort to connect in snort.conf is uncommented > and is like this: >=20 > output database: log, mysql, user=3Dsnort password=3D****** > dbname=3Dsnort host=3Dlocalhost >=20 > (****** is the password) and snort connects as snort user in Mysql > and db name in mysql is snort. >=20 > I have an empty event table. >=20 > mysql> select * from event; > Empty set (0.00 sec) >=20 > My question is: when you setup snort and acid, is it supposed to work > normally or do you have to configure other stuff and rules. My guess > is that it should work, even though it might need to be tuned. But > that's another story. It should work normally. How long has Snort been running? I would have to guess that it hasn't seen anything that it considered something to alert on. Until it sees something, for example someone accessing a web server and trying to get cmd.exe, that your rules would fire on, it doesn't report anything for ACID/BASE to display. Kevin ------------------- BASE Project Lead http://sourceforge.net/projects/secureideas http://base.secureideas.net The next step in IDS analysis! --=-uRJ8dCnJmrhVp9Revgiw Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBBo51T9gxbZzzrqlsRAvCKAJ9Z1+XWFY1ORxz3tr4NzQ J/OrbAfQCfetbv 2CyfMBXduS6b88ZeQ1DnuKg= =YG/l -----END PGP SIGNATURE----- --=-uRJ8dCnJmrhVp9Revgiw-- ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
