Snort - [Snort-users] An acid problem.

Author

[Snort-users] An acid problem.

kinux

2004-09-24, 2:46 am

This is a multi-part message in MIME format.

------=_NextPart_000_002D_01C4A240.2899A0E0
Content-Type: text/plain;
charset="big5"
Content-Transfer-Encoding: quoted-printable

hi,

i installed snort, mysql, acid by ports on a freebsd box.=20
When i try to display Alert Listing: 15 Last Alerts, there is nothing =
show on the
screen. as following. What's the problem?

ACID
Alert Listing: 15 Last Alerts Home
Search | AG Maintenance

[ Back ]

Added 0 alert(s) to the Alert cache
Queried DB on : Fri September 24, 2004 10:22:20 Meta Criteria any
IP Criteria any
Layer 4 Criteria none
Payload Criteria any

Displaying 15 Last Alerts

Thanks.

------=_NextPart_000_002D_01C4A240.2899A0E0
Content-Type: text/html;
charset="big5"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dbig5">
<META content=3D"MSHTML 6.00.2800.1458" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>hi,</DIV>
<DIV> </DIV>
<DIV>i installed snort, mysql, acid by =
ports on a=20
freebsd box. </DIV>
<DIV>When i try to display Alert Listing: 15 Last Alerts, there is =
nothing show=20
on the screen.  as following.  What's the=20
problem?       =
ACID     =20
Alert Listing: 15 Last Alerts=20
Home            =
;=20
Search   |   AG=20
Maintenance       [ Back ] Added =
0=20
alert(s) to the Alert cache  Queried DB on : Fri September 24, =
2004=20
10:22:20 Meta Criteria   =20
any            =
      =20
IP Criteria   =20
any            =
      =20
Layer 4 Criteria   =20
none            =
;      =20
Payload Criteria    any Displaying 15 =
Last=20
Alerts Thanks.</DIV>
<DIV> </DIV></BODY></HTML>

------=_NextPart_000_002D_01C4A240.2899A0E0--

-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users

Gould, Scott

2004-09-24, 2:46 am

This is a multi-part message in MIME format.

------_=_NextPart_001_01C4A208.A27D7072
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

My 1st thought would be to check your snort.conf file for the
appropriate output plug-in configuration. You need to tell snort to log
to your mysql db, via an output db plug-in line in your snort.conf
file..

=20

The documentation at snort.org and the snort.conf file give examples of
database output logging.

=20

This, is however a method that may not be able to keep up with high
bandwidth. You may want to consider a flow like this if you have high
bandwidth pipes your monitoring:

=20

Snort logs to binary log file

Barnyard monitors binary log file, and does inserts into mysql db

=20

Lots of information about barnyard can be found in the various setup
docs available at snort.org, and by searching the archives of this list.

=20

My best advice, only being at this for a year or so myself, is to start
simple (which your doing:-)), get your current setup working, then look
to tune performance down the road.

=20

Hope this helps.

=20

Scott Gould, MCP

Senior Network & Systems Analyst

Gynecologic Oncology Group=20

Statistical & Data Center

sgould@gogstats.org

716-845-5702

________________________________

From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of kinux
Sent: Friday, September 24, 2004 2:10 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] An acid problem.

=20

hi,

=20

i installed snort, mysql, acid by ports on a freebsd box.=20

When i try to display Alert Listing: 15 Last Alerts, there is nothing
show on the
screen. as following. What's the problem?

ACID
Alert Listing: 15 Last Alerts Home
Search | AG Maintenance

[ Back ]

Added 0 alert(s) to the Alert cache
Queried DB on : Fri September 24, 2004 10:22:20 Meta Criteria any
IP Criteria any
Layer 4 Criteria none
Payload Criteria any

Displaying 15 Last Alerts

Thanks.

=20

------_=_NextPart_001_01C4A208.A27D7072
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40"
xmlns:ns0=3D"urn:schemas-microsoft-com:office:smarttags">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<o:SmartTagType
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"PlaceType"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PlaceName"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PersonName"/>

<style>

</style>

</head>

<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

My 1st thought would be =
to check
your snort.conf file for the appropriate output plug-in =
configuration. 
You need to tell snort to log to your mysql db, via an output db plug-in =
line
in your snort.conf file..<o:p></o:p>

<o:p> </o:p>

The documentation at snort.org and =
the
snort.conf file give examples of database output =
logging.<o:p></o:p>

<o:p> </o:p>

This, is however a method that may =
not be
able to keep up with high bandwidth.  You may want to consider a =
flow like
this if you have high bandwidth pipes your =
monitoring:<o:p></o:p>

<o:p> </o:p>

Snort logs to binary log =
file<o:p></o:p>

Barnyard monitors binary log file, =
and does
inserts into mysql db<o:p></o:p>

<o:p> </o:p>

Lots of information about barnyard =
can be
found in the various setup docs available at snort.org, and by searching =
the
archives of this list.<o:p></o:p>

<o:p> </o:p>

My best advice, only being at this =
for a
year or so myself, is to start simple (which your =
doingJ ), get your =
current setup
working, then look to tune performance down the =
road.<o:p></o:p>

<o:p> </o:p>

Hope this =
helps.<o:p></o:p>

<o:p> </o:p>

<div>

Scott Gould, MCP<o:p></o:p>

Senior Network & Systems =
Analyst<o:p></o:p>

Gynecologic Oncology =
Group <o:p></o:p>

Statistical & =
<ns0:place
w:insAuthor=3D"gould" w:insDate=3D"2004-09-24T03:25:00Z" =
w:endInsAuthor=3D"gould"
w:endInsDate=3D"2004-09-24T03:25:00Z"><ns0:PlaceName =
w:insAuthor=3D"gould"
w:insDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"
w:endInsDate=3D"2004-09-24T03:25:00Z"><st1:place =
w:st=3D"on"><st1:PlaceName
w:st=3D"on">Data</st1:PlaceName></ns0:PlaceName></=
st1:place> <ns0:PlaceType
w:insAuthor=3D"gould" w:insDate=3D"2004-09-24T03:25:00Z" =
w:endInsAuthor=3D"gould"
w:endInsDate=3D"2004-09-24T03:25:00Z"><st1:PlaceType w:st=3D"on">Center</st1:PlaceType></ns0:PlaceType>=
</ns0:place><o:p></o:p>

<ns0:place w:insAuthor=3D"gould" =
w:insDate=3D"2004-09-24T03:25:00Z"
w:endInsAuthor=3D"gould" =
w:endInsDate=3D"2004-09-24T03:25:00Z"><ns0:PlaceType
w:insAuthor=3D"gould" w:insDate=3D"2004-09-24T03:25:00Z" =
w:endInsAuthor=3D"gould"
w:endInsDate=3D"2004-09-24T03:25:00Z">sgould@gogstats.org</ns0:PlaceType></n=
s0:place><o:p></o:p>

<ns0:place w:insAuthor=3D"gould" =
w:insDate=3D"2004-09-24T03:25:00Z"
w:endInsAuthor=3D"gould" =
w:endInsDate=3D"2004-09-24T03:25:00Z"><ns0:PlaceType
w:insAuthor=3D"gould" w:insDate=3D"2004-09-24T03:25:00Z" =
w:endInsAuthor=3D"gould"
w:endInsDate=3D"2004-09-24T03:25:00Z">716-845-5702</ns0:PlaceType></ns0:plac=
e><o:p></o:p>

</div>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</div>

From: =
snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of kinux 
Sent: Friday, September =
24, 2004
2:10 AM 
To:
snort-users@lists.sourceforge.net 
Subject: [Snort-users] An =
acid
problem.<o:p></o:p>

</div>

<o:p> </o:p>

<div>

hi,<o:p></o:p>

</div>

<div>

 <o:p></o:p>

</div>

<div>

i
installed snort, mysql, acid by ports on a freebsd =
box. <o:p></o:p>

</div>

<div>

When
i try to display Alert Listing: 15 Last Alerts, there is nothing show on =
the 
screen.  as following. 
What's the problem? 
 
     
ACID 
    
Alert Listing: 15 Last Alerts Home 
           =
;
Search  
|  
AG Maintenance 
 
     
[ Back ] 
 
Added 0 alert(s) to the Alert cache 
 Queried
DB on : Fri September 24, 2004 10:22:20 Meta Criteria   
any 
           =
;      
IP Criteria   
any 
           =
;      
Layer 4 Criteria   
none 
           =
;      
Payload Criteria   
any 
 
 
 
 
Displaying 15 Last Alerts 
 
Thanks.<o:p></o:p>

</div>

<div>

 <o:p></o:p>

</div>

</div>

</body>

</html>

------_=_NextPart_001_01C4A208.A27D7072--

-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users

kinux

2004-09-24, 5:46 pm

This is a multi-part message in MIME format.

------=_NextPart_000_00B6_01C4A2A9.AD8E66A0
Content-Type: text/plain;
charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

In snort.conf, i have choose to use mysql..

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=3Dsnort password=3D123454 =
dbname=3Dsnort host=3Dlocalhost

----- Original Message -----=20
From: Gould, Scott=20
To: snort-users@lists.sourceforge.net=20
Sent: Friday, September 24, 2004 3:32 PM
Subject: RE: [Snort-users] An acid problem.

My 1st thought would be to check your snort.conf file for the =
appropriate output plug-in configuration. You need to tell snort to log =
to your mysql db, via an output db plug-in line in your snort.conf =
file..

=20

The documentation at snort.org and the snort.conf file give examples =
of database output logging.

=20

This, is however a method that may not be able to keep up with high =
bandwidth. You may want to consider a flow like this if you have high =
bandwidth pipes your monitoring:

=20

Snort logs to binary log file

Barnyard monitors binary log file, and does inserts into mysql db

=20

Lots of information about barnyard can be found in the various setup =
docs available at snort.org, and by searching the archives of this list.

=20

My best advice, only being at this for a year or so myself, is to =
start simple (which your doingJ), get your current setup working, then =
look to tune performance down the road.

=20

Hope this helps.

=20

Scott Gould, MCP

Senior Network & Systems Analyst

Gynecologic Oncology Group=20

Statistical & Data Center

sgould@gogstats.org

716-845-5702

-------------------------------------------------------------------------=
-----

From: snort-users-admin@lists.sourceforge.net =
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of kinux
Sent: Friday, September 24, 2004 2:10 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] An acid problem.

=20

hi,

=20

i installed snort, mysql, acid by ports on a freebsd box.=20

When i try to display Alert Listing: 15 Last Alerts, there is nothing =
show on the
screen. as following. What's the problem?

ACID
Alert Listing: 15 Last Alerts Home
Search | AG Maintenance

[ Back ]

Added 0 alert(s) to the Alert cache
Queried DB on : Fri September 24, 2004 10:22:20 Meta Criteria any
IP Criteria any
Layer 4 Criteria none
Payload Criteria any

Displaying 15 Last Alerts

Thanks.

=20

------=_NextPart_000_00B6_01C4A2A9.AD8E66A0
Content-Type: text/html;
charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:v =3D=20
"urn:schemas-microsoft-com:vml" xmlns:o =3D=20
"urn:schemas-microsoft-com:office:office" xmlns:w =3D=20
"urn:schemas-microsoft-com:office:word" xmlns:st1 =3D=20
"urn:schemas-microsoft-com:office:smarttags" xmlns:ns0 =3D=20
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1458" name=3DGENERATOR><o:SmartTagType name=3D"PlaceType"=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT=
ype><o:SmartTagType=20
name=3D"PlaceName"=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT=
ype><o:SmartTagType=20
name=3D"place"=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT=
ype><o:SmartTagType=20
name=3D"PersonName"=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT=
ype>
<STYLE>

</STYLE>
</HEAD>
<BODY lang=3DEN-US vLink=3Dpurple link=3Dblue bgColor=3Dwhite>
<DIV>In =
snort.conf, i have choose to use=20
mysql..</DIV>
<DIV> </DIV>
<DIV># database: =
log to a variety of databases #=20
--------------------------------------- # See the README.database =
file for=20
more information about configuring # and using this =
plugin. # output=20
database: log, mysql, user=3Dsnort password=3D123454 dbname=3Dsnort=20
host=3Dlocalhost</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style=3D"FONT: 10pt 新細明體">----- =
Original Message ----- </DIV>
<DIV=20
style=3D"BACKGROUND: #e4e4e4; FONT: 10pt =
新細明體; font-color: black">From:=20
<A title=3Dsgould@gogstats.org =
href=3D"mailto:sgould@gogstats.org">Gould,=20
Scott</A> </DIV>
<DIV style=3D"FONT: 10pt 新細明體">To: =
<A=20
title=3Dsnort-users@lists.sourceforge.net=20
=
href=3D"mailto:snort-users@lists.sourceforge.net">snort-users@lists.sourc=
eforge.net</A>=20
</DIV>
<DIV style=3D"FONT: 10pt =
新細明體">Sent: Friday, September 24, =
2004 3:32=20
PM</DIV>
<DIV style=3D"FONT: 10pt =
新細明體">Subject: RE: [Snort-users] An =
acid=20
problem.</DIV>
<DIV> </DIV>
<DIV class=3DSection1>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">My =
1st=20
thought would be to check your snort.conf file for the appropriate =
output=20
plug-in configuration.  You need to tell snort to log to your =
mysql db,=20
via an output db plug-in line in your snort.conf=20
file..<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">The =
documentation at=20
snort.org and the snort.conf file give examples of database output=20
logging.<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">This, is =
however a=20
method that may not be able to keep up with high bandwidth.  You =
may want=20
to consider a flow like this if you have high bandwidth pipes your=20
monitoring:<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Snort logs =
to binary=20
log file<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Barnyard =
monitors=20
binary log file, and does inserts into mysql =
db<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Lots of =
information=20
about barnyard can be found in the various setup docs available at =
snort.org,=20
and by searching the archives of this =
list.<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">My best =
advice, only=20
being at this for a year or so myself, is to start simple (which your=20
doing<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Wingdings">J<FONT=20
face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"> ), get your =
current=20
setup working, then look to tune performance down the=20
road.<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Hope this=20
helps.<o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p>
<DIV>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Scott =
Gould,=20
MCP<SPAN=20
style=3D"COLOR: navy"><o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Senior =
Network &=20
Systems Analyst<SPAN=20
style=3D"COLOR: navy"><o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Gynecologic =
Oncology=20
Group <SPAN=20
style=3D"COLOR: navy"><o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Statistical =
&=20
<SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><ns0:place=20
w:endInsDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"=20
w:insDate=3D"2004-09-24T03:25:00Z" =
w:insAuthor=3D"gould"><ns0:PlaceName=20
w:endInsDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"=20
w:insDate=3D"2004-09-24T03:25:00Z" w:insAuthor=3D"gould"><st1:place=20
w:st=3D"on"><st1:PlaceName w:st=3D"on"><SPAN=20
style=3D"COLOR: =
navy">Data</st1:PlaceName></ns0:PlaceName></st1:place><FONT=
=20
color=3Dnavy> <ns0:PlaceType =

w:endInsDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"=20
w:insDate=3D"2004-09-24T03:25:00Z" =
w:insAuthor=3D"gould"><st1:PlaceType=20
w:st=3D"on"><SPAN=20
style=3D"COLOR: =
navy">Center</st1:PlaceType></ns0:PlaceType></ns0:place></S=
PAN><FONT=20
color=3Dnavy><o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><ns0:place=20
w:endInsDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"=20
w:insDate=3D"2004-09-24T03:25:00Z" =
w:insAuthor=3D"gould"><ns0:PlaceType=20
w:endInsDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"=20
w:insDate=3D"2004-09-24T03:25:00Z" w:insAuthor=3D"gould"><SPAN=20
style=3D"COLOR: =
navy">sgould@gogstats.org</ns0:PlaceType></ns0:place></SPAN=
><FONT=20
color=3Dnavy><o:p></o:p>
<SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><ns0:place=20
w:endInsDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"=20
w:insDate=3D"2004-09-24T03:25:00Z" =
w:insAuthor=3D"gould"><ns0:PlaceType=20
w:endInsDate=3D"2004-09-24T03:25:00Z" w:endInsAuthor=3D"gould"=20
w:insDate=3D"2004-09-24T03:25:00Z" w:insAuthor=3D"gould"><SPAN=20
style=3D"COLOR: =
navy">716-845-5702</ns0:PlaceType></ns0:place></FONT=
><o:p></o:p></DIV>
<DIV>
<DIV class=3DMsoNormal style=3D"TEXT-ALIGN: center" =
align=3Dcenter><FONT=20
face=3DPMingLiU size=3D3>
<HR tabIndex=3D-1 align=3Dcenter width=3D"100%" SIZE=3D2>
</DIV>
<SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: =
Tahoma">From:<FONT=20
face=3DTahoma size=3D2>=20
snort-users-admin@lists.sourceforge.net=20
[mailto:snort-users-admin@lists.sourceforge.net] <SPAN=20
style=3D"FONT-WEIGHT: bold">On Behalf Of kinux <SPAN=20
style=3D"FONT-WEIGHT: bold">Sent: Friday, September 24, =
2004 2:10=20
AM To:=20
snort-users@lists.sourceforge.net <SPAN=20
style=3D"FONT-WEIGHT: bold">Subject: [Snort-users] An acid=20
problem.<o:p></o:p></DIV>
<SPAN=20
style=3D"FONT-SIZE: 12pt"><o:p> </o:p>
<DIV>
<SPAN=20
style=3D"FONT-SIZE: 12pt">hi,<o:p></o:p></DIV>
<DIV>
<SPAN=20
style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Times New =
Roman'"> <o:p></o:p></DIV>
<DIV>
i=20
installed snort, mysql, acid by ports on a freebsd =
box.<FONT=20
size=3D2> =
<o:p></o:p></DIV>
<DIV>
<SPAN=20
style=3D"FONT-SIZE: 12pt">When i try to display Alert Listing: 15 Last =
Alerts,=20
there is nothing show on the screen.<FONT=20
face=3D"Times New Roman"><SPAN=20
style=3D"FONT-FAMILY: 'Times New Roman'">  as =
following.<FONT=20
face=3D"Times New Roman"><SPAN=20
style=3D"FONT-FAMILY: 'Times New Roman'">  What's =
the=20
problem? <SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">     =20
ACID <SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">    =20
Alert Listing: 15 Last Alerts Home <SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">           =
;=20
Search<SPAN=20
style=3D"FONT-FAMILY: 'Times New Roman'">   =
|<FONT=20
face=3D"Times New Roman"><SPAN=20
style=3D"FONT-FAMILY: 'Times New Roman'">   AG =

Maintenance <SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">     =20
[ Back ] Added 0 alert(s) to the Alert cache <FONT=20
face=3D"Times New Roman"><SPAN=20
style=3D"FONT-FAMILY: 'Times New Roman'"> Queried =
DB on : Fri=20
September 24, 2004 10:22:20 Meta Criteria<SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">   =20
any <SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">           =
;      =20
IP Criteria<SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">   =20
any <SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">           =
;      =20
Layer 4 Criteria<SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">   =20
none <SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">           =
;      =20
Payload Criteria<SPAN=20
style=3D"FONT-FAMILY: 'Times New =
Roman'">   =20
any Displaying 15 Last Alerts <SPAN=20
style=3D"FONT-SIZE: 10pt">Thanks.<o:p></o:p></DIV>
<DIV>
<SPAN=20
style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Times New =
Roman'"> <o:p></o:p></DIV></DIV></BLOCKQUOTE></BOD=
Y></HTML>

------=_NextPart_000_00B6_01C4A2A9.AD8E66A0--

-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users