Re: [Snort-users] What Might I have Missed? RH72, Snort, MySql, PHP, Adodb, Acid

From: Alejandro Flores (alejandro.flores@triforsec.com.br)
Date: Wed Apr 07 2004 - 07:37:43 CDT


        Hi Bruce,

        Send the command line used to start snort.

Regards,
Alejandro

> Following various bits of info from the Snort 2.0 book by Jay Beale, this
> web site:
> http://www.sfhn.net/whites/snort_acid-rpm.html
>
> This PDF file:
> http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf
>
> I seem to have almost everything working correctly. I can go to Shields Up
> at grc.com, put the machine on my DMZ, tell Shields Up to do a full port
> scan, and TOP shows an occasional jump of Snort-Mysql, and the log directory
> shows the attempts.
> (I am using "alert, mysql" in the conf file, as opposed to "log, mysql".)
>
> So, snort is seeing the port scans and I see in the alert file, that it is
> logging them. Oddly, Acid shows zero intrusions or records of any kind. GD,
> and everything else SEEMS to be functioning, but it seems like Acid just
> isn't reading the database, or else the MySql isn't getting the data. I am
> not a big MySql, Acid, Adodb, or PHP expert, at all, I just followed a lot
> of directions and beat my head on the keyboard for awhile until things all
> started to work.
>
> I am hoping someone can point me in a general direction for tonight's
> troubleshooting session.
>
> My thoughts are that either:
> a.) The data isn't getting written to MySql (so I need to view all the
> tables in the 'snort' database somehow),
> or
> b.) Acid is not reading the MySql 'snort' database, but isn't writing errors
> to /var/log/messages, /var/log/security or any other log file in
> that directory that I am grepping. (It could just be that I am not grepping
> for the correct string; I am not sure what I am looking for except MySql...)
>
> Just a hint would be very helpful. This is so much fun, I almost want to
> take a vacation day to keep working on this.... (That's like a bad thing,
> right?)
>
> Bruce D. Meyer
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

--TriForSec
http://www.triforsec.com.br/
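Bruce's two hypotheses (Snort not writing, or ACID not reading) have a common cause that is worth ruling out before touching the database: the `output database:` line in snort.conf and the `$alert_*` settings in ACID's acid_conf.php naming different databases, hosts or users. The script below is an added example for this thread, not code from Snort, ACID or either poster. It parses both files and reports any disagreement; the two sample configuration files it writes are constructed here (the `snort_log` dbname and the `s3cret` password are invented), with the mismatch left in deliberately.

```shell
#!/bin/sh
# Added example, not from the Snort or ACID projects: cross-check the Snort
# "output database:" line against ACID's $alert_* settings. If dbname, host or
# user differ, Snort inserts into one database and ACID selects from another,
# which looks exactly like "alerts in the log directory, zero events in ACID".

conf_line() {
    # First "output database:" line of snort.conf ($1); empty if none.
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | head -n 1
}

snort_db_facility() {
    # Facility named on that line: "alert" or "log".
    conf_line "$1" \
      | sed -E 's/^[[:space:]]*output[[:space:]]+database:[[:space:]]*([a-z]+).*/\1/'
}

snort_db_param() {
    # Value of a key=value parameter ($2, e.g. dbname) on that line.
    conf_line "$1" | tr ',' ' ' | tr -s ' ' '\n' \
      | grep "^$2=" | head -n 1 | cut -d= -f2-
}

acid_param() {
    # Value of $alert_<name> ($2) in acid_conf.php ($1), e.g. $alert_dbname = "snort";
    grep -E '^[[:space:]]*\$alert_'"$2"'[[:space:]]*=' "$1" \
      | head -n 1 | sed -E 's/^[^"]*"([^"]*)".*/\1/'
}

check_db_config() {
    # $1 = snort.conf, $2 = acid_conf.php. Returns 0 when the settings agree.
    if [ -z "$(conf_line "$1")" ]; then
        echo "no 'output database:' line in $1: Snort is not writing to any database"
        return 1
    fi
    echo "snort output facility: $(snort_db_facility "$1")"
    rc=0
    for p in dbname host user; do
        s=$(snort_db_param "$1" "$p")
        a=$(acid_param "$2" "$p")
        if [ -z "$s" ]; then
            echo "note: snort.conf does not set $p (plugin default applies)"
        elif [ "$s" != "$a" ]; then
            echo "MISMATCH $p: snort.conf='$s' acid_conf.php='$a'"
            rc=1
        fi
    done
    return $rc
}

make_samples() {
    # Constructed sample files for a stand-alone run (dbname mismatch is deliberate).
    dir=$(mktemp -d)
    cat > "$dir/snort.conf" <<'EOF'
# trimmed snort.conf: only the database output plugin line matters here
output database: alert, mysql, user=snort password=s3cret dbname=snort host=localhost
EOF
    cat > "$dir/acid_conf.php" <<'EOF'
<?php
$DBtype         = "mysql";
$alert_dbname   = "snort_log";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "snort";
$alert_password = "s3cret";
?>
EOF
    echo "$dir"
}

samples=$(make_samples)
if check_db_config "$samples/snort.conf" "$samples/acid_conf.php"; then
    echo "snort.conf and acid_conf.php agree; next look at the event table itself"
else
    echo "fix the mismatch above, then reload ACID"
fi
```

Run it against the real files (`check_db_config /etc/snort/snort.conf /var/www/html/acid/acid_conf.php`). Whatever it reports only matters if Snort was actually started with `-c` pointing at that snort.conf, since without `-c` no output plugin is loaded at all; that is the reason the reply asks for the command line. Once the two files agree, `SELECT COUNT(*) FROM event;` in the snort database settles hypothesis (a) directly: a growing count means Snort is writing and the problem is on the ACID side. Both files carry the database password in clear text, so keep their permissions tight.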
