[Snort-users] Acid doesn't show anything



03-08-2005
Teva AVRIL
 


Hi,

I have a 2-tier snort setup with snort and barnyard running on one box,
and mysql/acid running on another.

I have snort configured with the following options:


snort.conf:

output log_unified: filename snort.unified.log, limit 128


and barnyard.conf configured as follows:

config hostname: localhost
config interface: eth0
output alert_acid_db: mysql, database snort, server ids.domain.com , user snort, password snort
output log_acid_db: mysql, database snort, server ids.domain.com , user snort, password snort , detail full

I run snort like:

/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -D

and barnyard like:

/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -p /etc/snort/classification.config -f snort.unified.log -g /etc/snort/rules/gen-msg.map -s etc/snort/rules/sid-msg.map -w /usr/local/snortlogs/barnyard.waldo

Data appears in the db in almost all tables EXCEPT all acid_* tables
(acid_ag, etc.), the *hdr tables (iphdr, etc.) and the data table, which
are empty. The sensor table isn't empty: there is one value (inserted by
barnyard), which is:



sid  hostname  interface  filter  detail  encoding  last_cid
---------------------------------------------------------------------------
1    sensor    eth0       NULL    1       0         0


Anybody know why acid doesn't insert anything in acid_* tables, and why I
have nothing in hdr* tables and the data table?

Thanks in advance,







