[olug] Snort Not Logging

Brian Roberson roberson at olug.org
Mon Oct 25 23:07:28 UTC 2004


I assume the daemon is running for sure... ( ps -ef | grep snort ).
Using the info in the snort config file, are you able to log into the mysql database?
Did the database itself get deleted, or just the data in the database? If the
first, then you will need to recreate the tables manually; snort itself will not
create the tables, it will simply insert data. What does the config file look like?
Do you get any errors in syslog regarding the mysql connection?

On Mon, Oct 25, 2004 at 01:22:56PM -0500, Mac Petras wrote:
> Ok all you Snort gurus out there...
> 
> I'm trying to troubleshoot a Snort box (RH 9, Snort 2.04, MySQL
> 4.0.16). I didn't build it (or break it for that matter), just trying
> to get it to work.
> 
> Here's what I know so far:
> 
> 1) Someone recently removed all the databases for snort and reinstalled Snort
> 2) Using eth0 in promiscuous mode, no IP
> 3) It has captured nothing to the database; however, the alert log
> file has data (but not since Aug 29th)
> 
> The  NICs are working, but no data is being captured....
> 
> Any thoughts on where to start? Troubleshooting order? etc?
> 
> Thanks!
> Mac
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
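
The checks from the reply above, scripted in the same order, as an added example that is not part of the thread. It assumes the Snort 2.x `output database:` directive format, a subset of the table names created by Snort's `create_mysql` schema script, the Red Hat syslog path `/var/log/messages`, and placeholder credentials in the constructed sample; pass the real snort.conf path as the first argument.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and sample values are assumptions.

# Constructed sample of the relevant snort.conf lines (placeholder credentials).
sample_conf() {
cat <<'EOF'
# output database: log, mysql, user=old password=old dbname=old host=localhost
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
}

# Last active (uncommented) "output database:" directive in a snort.conf.
db_directive() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | tail -n 1
}

# Value of one key=value parameter (user, password, dbname, host) in a directive.
db_param() {
    printf '%s\n' "$1" | tr ' ,\t' '\n\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Reads table names on stdin; prints the core Snort tables that are absent.
missing_tables() {
    have=$(cat)
    for t in schema sensor event signature iphdr tcphdr udphdr icmphdr data; do
        printf '%s\n' "$have" | grep -qx "$t" || printf '%s\n' "$t"
    done
}

# Run the reply's checks in order against a live box.
run_checks() {
    pgrep -x snort >/dev/null || echo "snort is not running"
    d=$(db_directive "$1")
    [ -n "$d" ] || { echo "no active 'output database' line in $1"; return 1; }
    db=$(db_param "$d" dbname); host=$(db_param "$d" host)
    # MYSQL_PWD keeps the password out of the process list (unlike -p<pass>).
    tables=$(MYSQL_PWD=$(db_param "$d" password) mysql -h "${host:-localhost}" \
        -u "$(db_param "$d" user)" -N -e 'SHOW TABLES' "$db") ||
        { echo "MySQL login with the snort.conf credentials failed"; return 1; }
    printf '%s\n' "$tables" | missing_tables | sed 's/^/missing table: /'
    # Syslog path is the Red Hat default; adjust for other systems.
    grep -i snort /var/log/messages | grep -Ei 'mysql|database' | tail -n 5
}

if [ -n "${1:-}" ]; then run_checks "$1"; fi
```

A login that succeeds but reports every table missing matches the "database itself got deleted" case in the reply, where the schema has to be recreated before Snort can insert anything.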