This is a discussion on Re: [Snort-users] Acid shows sensors as 0 within the Snort forums, part of the System Security and Security Related category.
I run a GFI scan against snort machine from another computer and still
ACID shows nothing on its interface (it keeps showing Sensors 0). I have
only one network card installed in my Fedora machine which enters in
promiscuous mode (I can tell from the system logs) when snort starts. As
I said before, MySQL is running, snort connects to it, Snort is running
(I followed all the instructions of this guide
http://www.snort.org/docs/Snort_SSL_FC2.pdf for fedora c2).

Everything seems ok to me except the fact that there is no data showing
on ACID. What is going on? Please helppppppppppppppppppp.

On Tue, 23 Nov 2004 16:41:27 -0500, Gentian Hila <gentianhila@gmail.com> wrote:
> Thank you very much sir. I will give it a try.
>
> On Tue, 23 Nov 2004 15:20:38 -0600, Shawn Kottke <skottke@datalink.com> wrote:
> >
> > Use nmap or something to do a scan against the box or a short range of IPs
> > on your network and see if snort detects anything.
> >
> > -----Original Message-----
> > From: snort-users-admin@lists.sourceforge.net
> > <snort-users-admin@lists.sourceforge.net>
> > To: Kevin Johnson <kjohnson@secureideas.net>
> > CC: Snort Users <snort-users@lists.sourceforge.net>
> > Sent: Tue Nov 23 14:31:11 2004
> > Subject: Re: [Snort-users] Acid shows sensors as 0
> >
> > Maybe that might be it. How can I test that is really doing something ?
> >
> > On Tue, 23 Nov 2004 15:28:03 -0500, Kevin Johnson
> > <kjohnson@secureideas.net> wrote:
> > > On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> > > >
> > > > The line that configures snort to connect in snort.conf is uncommented
> > > > and is like this:
> > > >
> > > > output database: log, mysql, user=snort password=******
> > > > dbname=snort host=localhost
> > > >
> > > > (****** is the password) and snort connects as snort user in Mysql
> > > > and db name in mysql is snort.
> > > >
> > > > I have an empty event table.
> > > >
> > > > mysql> select * from event;
> > > > Empty set (0.00 sec)
> > > >
> > > > My question is: when you setup snort and acid, is it supposed to work
> > > > normally or do you have to configure other stuff and rules. My guess
> > > > is that it should work, even though it might need to be tuned. But
> > > > that's another story.
> > >
> > > It should work normally. How long has Snort been running? I would have
> > > to guess that it hasn't seen anything that it considered something to
> > > alert on. Until it sees something, for example someone accessing a web
> > > server and trying to get cmd.exe, that your rules would fire on, it
> > > doesn't report anything for ACID/BASE to display.
> > >
> > > Kevin
> > > -------------------
> > > BASE Project Lead
> > > http://sourceforge.net/projects/secureideas
> > > http://base.secureideas.net
> > > The next step in IDS analysis!
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://productguide.itmanagersjournal.com/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/...fo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.p...st=snort-users
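
Added example, not part of the original thread: queries for the mysql client that separate the cases the thread is circling around (the database output never registered a sensor, a sensor is registered but no rule has fired, or events exist but the console is not showing them). Only the `event` table appears on the page; the other table and column names assume the stock Snort MySQL schema (`sensor`, `signature`) and should be checked with `DESCRIBE` on your own install.

```sql
-- Run inside the database named in snort.conf (dbname=snort on this page).
USE snort;

-- 1. Has Snort's database output registered this sensor?
--    Assumption: the output plugin adds one row per hostname/interface
--    when it starts. No rows here points at the "output database" line
--    or the MySQL grants, not at the rules.
SELECT sid, hostname, interface, last_cid
FROM sensor;

-- 2. Events per registered sensor.
--    A sensor row with events = 0 matches the situation in the thread:
--    Snort is connected and sniffing, but nothing has matched a rule yet.
SELECT s.sid,
       s.hostname,
       s.interface,
       COUNT(e.cid)     AS events,
       MAX(e.timestamp) AS newest_event
FROM sensor AS s
LEFT JOIN event AS e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface;

-- 3. After generating test traffic (the scan suggested in the thread),
--    list which signatures fired. Rows here while the console still
--    shows nothing point at the console's own database settings.
SELECT sig.sig_name,
       COUNT(*)         AS hits,
       MAX(e.timestamp) AS last_seen
FROM event AS e
JOIN signature AS sig ON sig.sig_id = e.signature
GROUP BY sig.sig_name
ORDER BY hits DESC
LIMIT 10;
```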