RE: [Snort-users] My BASE did not have any alerts

 glad to hear you're seeing alerts now - 
as for the Nessus scan not showing up, what options are you setting? Try a
quick scan with Nmap in aggressive mode to see if that produces
anything...at least it would give a better idea of where the issue may be.

-----Original Message-----
From: mr leokenzie [mailto:tenminustwo@hotmail.com] 
Sent: Tuesday, April 19, 2005 11:04 PM
To: 360air@comcast.net
Subject: RE: [Snort-users] My BASE did not have any alerts

Yeaup.. Thanks to you i did manage to display some alerts in BASE when i did
a snort -c etc/snort/snort.conf -i eth0. But when i scan using nessus
nothing is being display in BASE. How come?
Thanks

> From: "Adam Kliarsky" <360air@comcast.net>
> Reply-To: <360air@comcast.net>
> To: "'mr leokenzie'" 
> <tenminustwo@hotmail.com>,<snort-users@lists.sourceforge.net>
> Subject: RE: [Snort-users] My BASE did not have any alerts
> Date: Mon, 18 Apr 2005 21:01:17 -0700
>
> Yes, when you login to mysql, use the user specified in the snort 
> config file, grab the snort db (if snort is the db listed in
> snort.conf/base_conf.php) and display the tables to verify everything 
> is
> setup:
> [user@localhost ~]$mysql -u snort -p <password>
>  mysql>use snort;
>  mysql>show tables;
>
> Any luck after running snort (anything showing up on the main console?) 
> Aslo, Patrick Harper has posted some good papers w/ Snort/MySQL/BASE 
> etc - you may find these useful you can find the latest here - 
> http://www.internetsecurityguru.com
>
>
>
> -----Original Message-----
> From: mr leokenzie [mailto:tenminustwo@hotmail.com]
> Sent: Monday, April 18, 2005 8:13 PM
> To: 360air@comcast.net
> Subject: RE: [Snort-users] My BASE did not have any alerts
>
> I can run  Snort but what do you mean by "did you verify that you can 
> login to MySQL with the user supplied in snort.conf?" i will just  do a 
> mysql -p and enter my password to go to the mysql> prompt.
> Is that correct?
>
> After all that is done will nessus's scan show some alert stats?
> Thanks alot
>
> > From: "Adam Kliarsky" <360air@comcast.net>
> > Reply-To: <360air@comcast.net>
> > To: "'mr leokenzie'"
> > <tenminustwo@hotmail.com>,<snort-users@lists.sourceforge.net>
> > Subject: RE: [Snort-users] My BASE did not have any alerts
> > Date: Sun, 17 Apr 2005 09:19:36 -0700
> >
> > Yeah, Nessus should produce all sorts of red on your base console Ok, 
> > assuming you're on a *nix system, do the following
> >
> > 1. check for the running snort process ("ps -aux | grep snort") You 
> > should see two entries if snort is running (one for the process, and 
> > one for your ps query) If snort is not running, start it up ("snort 
> > -c <path to snort.conf> -i
> > <interface>")
> >
> > 2. packet dump on the same interface to make sure libpcap is working 
> > and capturing packets
> >  - "snort -dv -i <interface>" - this will display the packets to the 
> > screen so you can check
> >
> > 3. check the logs to see if you are getting mysql login errors or 
> > other similar
> >  - (/var/log/messages)
> >
> > 4. did you verify that you can login to MySQL with the user supplied 
> > in snort.conf?
> >
> > 5. check base_conf.php:
> >  - $Dbtype = "mysql";
> >  - $alert_dbname = "snort";
> >  - $alert_host = "localhost";
> >  - $alert_user = "snort";
> >  - $alert_password = "your own password";
> >
> > Let me know if that produces anything -
> >
> > Adam
> >
> > -----Original Message-----
> > From: mr leokenzie [mailto:tenminustwo@hotmail.com]
> > Sent: Sunday, April 17, 2005 8:38 AM
> > To: 360air@comcast.net
> > Subject: RE: [Snort-users] My BASE did not have any alerts
> >
> > 1. im not sure whether i started running snort, but i did run the 
> > database 2. I have not check whether theres error 3. output plugin is 
> > configured as follows (output database: log, mysql, user=snort 
> > password=myown password dbname=snort host=localhost) 4. what do you 
> > mean by dump on the interface to ensure it receives the packet
> >
> > When i scan nessus, does base actually shows the results and stats?
> > Thanks
> >
> > > From: "Adam Kliarsky" <360air@comcast.net>
> > > Reply-To: <360air@comcast.net>
> > > To: "'mr leokenzie'"
> > > <tenminustwo@hotmail.com>,<snort-users@lists.sourceforge.net>
> > > Subject: RE: [Snort-users] My BASE did not have any alerts
> > > Date: Sat, 16 Apr 2005 18:37:26 -0700
> > >
> > > This could be related to several things - can you describe your 
> > > system (platform, db, etc)?
> > > - did you verify snort & database processes are running? Did you 
> > > restart them?
> > > - do you see any errors (/var/log/messages)
> > > - is the output plugin in snort.conf configured properly
> > >  (output database: log, mysql, user=??? password=??? dbname=???
> > > host=localhost)
> > > - did you dump on the interface to ensure you're receiving packets?
> > >
> > >
> > > -----Original Message-----
> > > From: snort-users-admin@lists.sourceforge.net
> > > [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of mr 
> > > leokenzie
> > > Sent: Friday, April 15, 2005 12:33 AM
> > > To: snort-users@lists.sourceforge.net
> > > Subject: [Snort-users] My BASE did not have any alerts
> > >
> > > What have I done wrong?
> > > I did a scan with nessus but when i go to my BASE website it did 
> > > not display anything.
> > > Why is that?
> > > I make it focus on port 80 and target it at my own ip address. 
> > > Please kindly Help.
> > > Thanks
> > >
> > > _________________________________________________________________
> > > Don't just search. Find. Check out the new MSN Search!
> > > http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > SF email is sponsored by - The IT Product Guide Read honest & 
> > > candid reviews on hundreds of IT Products from real users.
> > > Discover which products truly live up to the hype. Start reading now.
> > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users@lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > SF email is sponsored by - The IT Product Guide Read honest & 
> > > candid reviews on hundreds of IT Products from real users.
> > > Discover which products truly live up to the hype. Start reading now.
> > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users@lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > _________________________________________________________________
> > Is your PC infected? Get a FREE online computer virus scan from 
> > McAfeeR Security. 
> > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> >
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide Read honest & candid 
> > reviews on hundreds of IT Products from real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _________________________________________________________________
> On the road to retirement? Check out MSN Life Events for advice on how 
> to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: New Crystal Reports XI.
> Version 11 adds new functionality designed to reduce time involved in 
> creating, integrating, and deploying reporting solutions. Free runtime 
> info, new features, or free trial, at: 
> http://www.businessobjects.com/devxi/728
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/



-------------------------------------------------------
This SF.Net email is sponsored by: New Crystal Reports XI.
Version 11 adds new functionality designed to reduce time involved in
creating, integrating, and deploying reporting solutions. Free runtime info,
new features, or free trial, at: http://www.businessobjects.com/devxi/728
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users