This is a discussion on Re: [Snort-users] Acid shows sensors as 0 within the Snort forums, part of the System Security and Security Related category.
Thank you very much sir. I will give it a try.
On Tue, 23 Nov 2004 15:20:38 -0600, Shawn Kottke <skottke@datalink.com> wrote:
> Use nmap or something to do a scan against the box or a short range of IPs
> on your network and see if snort detects anything.
>
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net
> <snort-users-admin@lists.sourceforge.net>
> To: Kevin Johnson <kjohnson@secureideas.net>
> CC: Snort Users <snort-users@lists.sourceforge.net>
> Sent: Tue Nov 23 14:31:11 2004
> Subject: Re: [Snort-users] Acid shows sensors as 0
>
> Maybe that might be it. How can I test that is really doing something ?
>
> On Tue, 23 Nov 2004 15:28:03 -0500, Kevin Johnson
> <kjohnson@secureideas.net> wrote:
> > On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> > > The line that configures snort to connect in snort.conf is uncommented
> > > and is like this:
> > >
> > > output database: log, mysql, user=snort password=******
> > > dbname=snort host=localhost
> > >
> > > (****** is the password) and snort connects as snort user in Mysql
> > > and db name in mysql is snort.
> > >
> > > I have an empty event table.
> > >
> > > mysql> select * from event;
> > > Empty set (0.00 sec)
> > >
> > > My question is: when you setup snort and acid, is it supposed to work
> > > normally or do you have to configure other stuff and rules. My guess
> > > is that it should work, even though it might need to be tuned. But
> > > that's another story.
> >
> > It should work normally. How long has Snort been running? I would have
> > to guess that it hasn't seen anything that it considered something to
> > alert on. Until it sees something, for example someone accessing a web
> > server and trying to get cmd.exe, that your rules would fire on, it
> > doesn't report anything for ACID/BASE to display.
> >
> > Kevin
> > -------------------
> > BASE Project Lead
> > http://sourceforge.net/projects/secureideas
> > http://base.secureideas.net
> > The next step in IDS analysis!
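As an added example (not from the thread or from the Snort project), this Python check covers the `output database` directive discussed above: it confirms an uncommented directive exists, parses it, and flags one that was wrapped onto a second line without a backslash, which is how the directive appears in the quoted mail. The function names, the accepted facility and type lists, and the treatment of `dbname` as required are assumptions of this example.

```python
import re

# Constructed snort.conf excerpt. The active directive is the one quoted in the
# thread, with a placeholder password; the other lines are made up.
SAMPLE_CONF = """\
# output database: alert, postgresql, user=snort dbname=snort
output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
"""

DIRECTIVE = re.compile(r"^\s*(#?)\s*output\s+database\s*:(.*)$")
FACILITIES = {"log", "alert"}
# Assumption: type names as accepted by the Snort 2.x database output plugin.
DB_TYPES = {"mysql", "postgresql", "odbc", "oracle", "mssql"}


def parse_database_outputs(conf_text):
    """Return one dict per 'output database' line, commented out or not."""
    # Join backslash-continued lines first, as snort.conf allows.
    joined = re.sub(r"\\\r?\n", " ", conf_text)
    found = []
    for line in joined.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        parts = [p.strip() for p in m.group(2).split(",", 2)]
        parts += [""] * (3 - len(parts))
        params = dict(kv.split("=", 1) for kv in parts[2].split() if "=" in kv)
        found.append({"active": m.group(1) == "", "facility": parts[0],
                      "dbtype": parts[1], "params": params})
    return found


def check_database_output(conf_text):
    """Return a list of problems; an empty list means the directive looks sane."""
    active = [d for d in parse_database_outputs(conf_text) if d["active"]]
    if not active:
        return ["no active 'output database' directive (commented out or absent)"]
    problems = []
    for d in active:
        if d["facility"] not in FACILITIES:
            problems.append("facility must be log or alert, got %r" % d["facility"])
        if d["dbtype"] not in DB_TYPES:
            problems.append("unknown database type %r" % d["dbtype"])
        if "dbname" not in d["params"]:
            # Assumption: dbname is treated as mandatory in this check.
            problems.append("dbname missing (line wrapped without a backslash?)")
    return problems
```

A clean result only says the directive is well formed; whether rows ever reach the `event` table still depends on a rule firing, as the reply in the thread explains.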