Re: [Snort-users] Acid shows sensors as 0

On Tue, 2004-11-23 at 15:21, Gentian Hila wrote:
> The line that configures snort to connect in snort.conf is uncommented
> and is like this:
>
> output database: log, mysql, user=snort password=******
>  dbname=snort host=localhost
>
> (******  is the password) and snort connects as snort user in Mysql
> and db name in mysql is snort.
>
> I have an empty event table.
>
> mysql> select * from event;
> Empty set (0.00 sec)
>
> My question is: when you setup snort and acid, is it supposed to work
> normally or do you have to configure other stuff and rules. My guess
> is that it should work, even though it might need to be tuned. But
> that's another story.

It should work normally.  How long has Snort been running?  I would have
to guess that it hasn't seen anything that it considered something to
alert on.  Until it sees something, for example someone accessing a web
server and trying to get cmd.exe,  that your rules would fire on, it
doesn't report anything for ACID/BASE to display.

Kevin
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

signature.asc
Description: This is a digitally signed message part