[Snort-users] What Might I have Missed? RH72, Snort, MySql, PHP, Adodb, Acid
From: Bruce D. Meyer (bdmeyer at kg4tac.net)
Date: Wed Apr 07 2004 - 06:01:21 CDT
Following various bits of info from the Snort 2.0 book by Jay Beale, this
web site:
http://www.sfhn.net/whites/snort_acid-rpm.html
and this PDF file:
http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf
I seem to have almost everything working correctly. I can go to Shields Up
at grc.com, put the machine on my DMZ, tell Shields Up to do a full port
scan, and top shows an occasional jump of snort-mysql, and the log directory
shows the attempts.
(I am using "alert, mysql" in the conf file, as opposed to "log, mysql".)
So, Snort is seeing the port scans and I see in the alert file that it is
logging them. Oddly, ACID shows zero intrusions or records of any kind. GD
and everything else SEEMS to be functioning, but it seems like ACID just
isn't reading the database, or else MySQL isn't getting the data. I am
not a big MySQL, ACID, ADOdb, or PHP expert at all; I just followed a lot
of directions and beat my head on the keyboard for a while until things all
started to work.
I am hoping someone can point me in a general direction for tonight's
troubleshooting session.
My thoughts are that either:
a.) The data isn't getting written to MySQL (so I need to view all the
tables in the 'snort' database somehow),
or
b.) ACID is not reading the MySQL 'snort' database, but isn't writing errors
to /var/log/messages, /var/log/security, or any other log file in
that directory that I am grepping. (It could just be that I am not grepping for
the correct string; I am not sure what I am looking for except MySQL...)
Just a hint would be very helpful. This is so much fun, I almost want to
take a vacation day to keep working on this.... (That's a bad thing,
right?)
Bruce D. Meyer
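The two hypotheses in the post (a: nothing reaches MySQL, b: ACID cannot read what is there) can be separated with a few queries typed into the mysql client, before touching PHP or ADOdb at all. This is an added example, not code from the original post or from the Snort or ACID projects. It assumes the database is named snort as in the post, uses the table and column names of the stock Snort MySQL schema (sensor, event, signature, iphdr) plus ACID's own acid_event table, and the user name 'acid'@'localhost' in the SHOW GRANTS line is an assumption standing in for whatever $alert_user / $alert_host are set to in acid_conf.php.

```sql
-- Added diagnostic queries, not part of the original post.
-- Assumes: database 'snort' (from the post), stock Snort MySQL schema,
-- ACID installed with its extra tables, and a MySQL user 'acid'@'localhost'
-- (assumed name) that ACID connects as.

USE snort;

-- (a) Is Snort writing at all?  The database output plugin registers itself
--     in 'sensor' (one row per hostname/interface/filter combination) and
--     bumps last_cid every time it writes an alert; every alert is one row
--     in 'event'.  Both empty => plugin never connected, so check the
--     user/password/dbname on the "output database:" line in snort.conf.
SELECT sid, hostname, interface, filter, detail, encoding, last_cid
  FROM sensor;

SELECT s.hostname, COUNT(*) AS alerts, MAX(e.timestamp) AS newest
  FROM event  e
  JOIN sensor s ON e.sid = s.sid
 GROUP BY s.hostname;

-- The ten newest alerts with their signature names and addresses.
-- ip_src/ip_dst are stored as unsigned 32-bit integers, so INET_NTOA()
-- is needed to read them; a LEFT JOIN keeps alerts that have no IP header
-- row (for example portscan events).
SELECT e.timestamp,
       sig.sig_name,
       INET_NTOA(ip.ip_src) AS src,
       INET_NTOA(ip.ip_dst) AS dst
  FROM event     e
  JOIN signature sig ON e.signature = sig.sig_id
  LEFT JOIN iphdr ip ON e.sid = ip.sid AND e.cid = ip.cid
 ORDER BY e.timestamp DESC
 LIMIT 10;

-- (b) Can ACID read it?  ACID creates acid_event (its alert cache) from its
--     setup page and refreshes it from the Maintenance page.  A populated
--     'event' table next to an empty 'acid_event' points at the ACID side,
--     not at Snort.
SELECT COUNT(*) AS cached_alerts FROM acid_event;

-- Finally, confirm the user ACID logs in as is allowed to SELECT on the
-- snort tables (and INSERT/UPDATE/DELETE on its own acid_* tables).
-- 'acid'@'localhost' is an assumed name; use $alert_user / $alert_host
-- from acid_conf.php.
SHOW GRANTS FOR 'acid'@'localhost';
```

Run the script as root first (`mysql -u root -p snort < check.sql`) to see whether the rows exist, then run it again logged in exactly as ACID does (`mysql -u acid -p -h localhost snort`, substituting the values from acid_conf.php). If the second run fails with an access-denied error, or the SELECTs return nothing only for that user, the problem is the grant, which never shows up in /var/log/messages because MySQL rejects the login silently from the daemon's point of view and ACID only reports it in the browser.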