RE: [Snort-users] My BASE did not have any alerts

Yeah, Nessus should produce all sorts of red on your base console
Ok, assuming you're on a *nix system, do the following

1. check for the running snort process ("ps -aux | grep snort")
You should see two entries if snort is running (one for the process, and one
for your ps query)
If snort is not running, start it up ("snort -c <path to snort.conf> -i
<interface>")

2. packet dump on the same interface to make sure libpcap is working and
capturing packets
 - "snort -dv -i <interface>" - this will display the packets to the screen
so you can check

3. check the logs to see if you are getting mysql login errors or other
similar
 - (/var/log/messages)

4. did you verify that you can login to MySQL with the user supplied in
snort.conf?

5. check base_conf.php:
 - $Dbtype = "mysql";
 - $alert_dbname = "snort";
 - $alert_host = "localhost";
 - $alert_user = "snort";
 - $alert_password = "your own password";

Let me know if that produces anything - 

Adam

-----Original Message-----
From: mr leokenzie [mailto:tenminustwo@hotmail.com] 
Sent: Sunday, April 17, 2005 8:38 AM
To: 360air@comcast.net
Subject: RE: [Snort-users] My BASE did not have any alerts

1. im not sure whether i started running snort, but i did run the database
2. I have not check whether theres error 3. output plugin is configured as
follows (output database: log, mysql, user=snort password=myown password
dbname=snort host=localhost) 4. what do you mean by dump on the interface to
ensure it receives the packet

When i scan nessus, does base actually shows the results and stats?
Thanks

> From: "Adam Kliarsky" <360air@comcast.net>
> Reply-To: <360air@comcast.net>
> To: "'mr leokenzie'" 
> <tenminustwo@hotmail.com>,<snort-users@lists.sourceforge.net>
> Subject: RE: [Snort-users] My BASE did not have any alerts
> Date: Sat, 16 Apr 2005 18:37:26 -0700
>
> This could be related to several things - can you describe your system 
> (platform, db, etc)?
> - did you verify snort & database processes are running? Did you 
> restart them?
> - do you see any errors (/var/log/messages)
> - is the output plugin in snort.conf configured properly
>  (output database: log, mysql, user=??? password=??? dbname=???
> host=localhost)
> - did you dump on the interface to ensure you're receiving packets?
>
>
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net
> [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of mr 
> leokenzie
> Sent: Friday, April 15, 2005 12:33 AM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] My BASE did not have any alerts
>
> What have I done wrong?
> I did a scan with nessus but when i go to my BASE website it did not 
> display anything.
> Why is that?
> I make it focus on port 80 and target it at my own ip address. Please 
> kindly Help.
> Thanks
>
> _________________________________________________________________
> Don't just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide Read honest & candid 
> reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide Read honest & candid 
> reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfeeR
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users