Snort mailing list archives

RE: Can ACID console and snort sensor run on same box?

From: "Gordon Cunningham" <gcunnin2 () bellsouth net>
Date: Wed, 22 Jan 2003 12:22:06 -0500

Thanks Chris, and the others who've answered me here.  I find that it is
working this morning, but wasn't last night.  Perhaps there was something
that was date sensitive or needed to be "touched".  


- Gordon

                 -----Original Message-----
                From:   Chris N [mailto:chris.northrop () po state ct us] 
                Sent:   Wednesday, January 22, 2003 2:04 PM
                To:     snort-users-admin () lists sourceforge net
                Cc:     gcunnin2 () bellsouth net
                Subject:        RE: [Snort-users] Can ACID console and snort
sensor run on same box?

                Hello Gordon,

                Make sure you have the mysql client installed on the sensor.

                ./configure --without-server --without-docs --without-bench
--without-debug

                Do a command line check from the client..
                mysql -u user -p -h hostname

                Make sure you have mysql output configured
                output database: alert, mysql, user=user password=password
dbname=snort sensor_name=hostile1 detail=full host=hostname encoding=ascii

                Start up snort without "-D" and check for errors.

                check net connection to Database
                netstat -an |grep EST

                Good Luck
                Chris


                         -----Original Message-----
                        From:   snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] 
                        Sent:   Tuesday, January 21, 2003 5:24 PM
                        To:     snort-users () lists sourceforge net
                        Subject:        [Snort-users] Can ACID console and
snort sensor run on same box?

                        I'm still learning the ropes when it comes to
putting distributed sensors and consoles together.  Is it possible to run
ACID console with MySQL on the same box as a sensor and have the sensor
report into the database?  If so, I'm not seeing it work here and don't know
where to look next.  I followed the RH 7.3, ACID, etc. doc posted on the
snort docs page, but of course there were some differences...  ACID reports
0 sensors, alerts have been logged to the "alert' log file but I don't see
them in the database.  The sensor appears to be in there properly, though.

                        Thanks.

                        - Gordon

<<attachment: winmail.dat>>

Current thread:

Can ACID console and snort sensor run on same box? Gordon Cunningham (Jan 21)
- RE: Can ACID console and snort sensor run on same box? Michael Steele (Jan 21)
- <Possible follow-ups>
- RE: Can ACID console and snort sensor run on same box? Gordon Cunningham (Jan 22)