Koozali.org: home of the SME Server

Howto snort 2.1.1 + Acid

Knuddi
« Reply #60 on: September 09, 2004, 06:26:10 PM »
A mysqlshow command shows:

| snort_archive    |
| snort_log        |

Is that what is expected?

/Jesper

MasterSleepy
« Reply #61 on: September 09, 2004, 06:47:42 PM »
The databases are correct. Hmmm.

Could you check the snort config file (/etc/snort/snort.conf)? Around line 457 you should have something like:
Code:
output database: log, mysql, user=root password=blablablablablablabla  dbname=snort_log host=localhost
If you don't have that, try:
Code:
/sbin/e-smith/expand-template /etc/snort/snort.conf

After that, your config file should be OK.

Regards.
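
The check suggested in the post above can be scripted. This is an added example, not part of the original post or of the SME Server packages: the function names and the sample file are constructed, and besides the missing or commented-out directive it also flags the MySQL root login and a world-readable config file, since the directive stores the password in cleartext.

```shell
#!/bin/sh
# Added example: audit the "output database" directive of a snort.conf.
# Function names and the sample file below are constructed for illustration.

# Print the value of key $2 (e.g. dbname) from directive line $1.
db_field() {
    printf '%s\n' "$1" | tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_snort_db CONF EXPECTED_DB: one finding per line, returns 1 if any.
check_snort_db() {
    conf=$1 expected=$2 rc=0
    # Only active (uncommented) directives count.
    line=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" | head -n 1)
    if [ -z "$line" ]; then
        echo "MISSING: no active 'output database' line in $conf"
        return 1
    fi
    name=$(db_field "$line" dbname)
    [ "$name" = "$expected" ] ||
        { echo "DBNAME: expected '$expected', found '$name'"; rc=1; }
    [ "$(db_field "$line" user)" != root ] ||
        { echo "USER: snort connects as MySQL root; use a dedicated account"; rc=1; }
    # The directive stores a cleartext password: the file must not be world-readable.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "PERMS: $conf is world-readable and holds the DB password"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the directive quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# output database: log, mysql, user=snort dbname=old host=localhost
output database: log, mysql, user=root password=blablablablablablabla  dbname=snort_log host=localhost
EOF
chmod 644 "$sample"
check_snort_db "$sample" snort_log || echo "=> findings reported"
rm -f "$sample"
```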

Knuddi
« Reply #62 on: September 09, 2004, 08:38:43 PM »
And I had that entry - tried to expand the template anyways but the errors are still there.

MasterSleepy
« Reply #63 on: September 10, 2004, 06:27:22 AM »
Hello,

Quote from: "Knuddi"

Sep  9 13:18:21 gateway snort: database: mysql_error: Warning:  Some non-transactional changed tables couldn't be rolled back SQL=ROLLBACK


That message is pretty strange. Did you upgrade your mysql server?

Regards.

Knuddi
« Reply #64 on: September 10, 2004, 10:37:48 AM »
Not as far as I know - I am running 3.23.56.

Should I uninstall everything and try again?

MasterSleepy
« Reply #65 on: September 10, 2004, 11:05:29 AM »
Yes, maybe that is the best solution.

Cyrus
« Reply #66 on: September 13, 2004, 01:25:18 AM »
So can anyone tell me where I can download the version of guardian which will work on this installation please?

I have had a quick search and can't seem to find it anywhere.

Thanks,

Cyrus

MasterSleepy
« Reply #67 on: September 13, 2004, 08:33:39 AM »
Hello,

I use trevor-mitel-guardian-1.0-2.noarch.rpm.
You can find it Here

Regards.

Knuddi
« Reply #68 on: September 13, 2004, 09:34:21 AM »
MasterSleepy,

Are you running 6.0.x? Do you know what has changed to the 2.0.1 which is also present in that location? It is supposed to be for 5.6

MasterSleepy
« Reply #69 on: September 13, 2004, 10:11:11 AM »
I am still running 5.6.
But guardian is a Perl script, so it has to work on 6.x.
On my 5.6 I have changed the startup script to:
Code:

#!/bin/sh
#
# guardiand         Start/Stop the Guardian daemon.
#
# chkconfig: 2345 40 60

# Source function library.
. /etc/rc.d/init.d/functions

# See how we were called.
case "$1" in
  start)
        echo -n "Starting guardian daemon: "
        daemon guardiand -c /etc/guardian.conf
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/guardian
        ;;
  stop)
        echo -n "Stopping guardian daemon: "
        killproc guardiand
        RETVAL=$?
        rm -f /var/lock/subsys/guardian && rm -f /var/lock/guardian
        echo
        ;;
  status)
        status guardiand
        RETVAL=$?
        ;;
  restart)
        $0 stop
        $0 start
        RETVAL=$?
        ;;
  *)
        echo "Usage: $0 {start|stop|status|restart}"
        exit 1
        ;;
esac

# Report the result of the requested action instead of always returning success.
exit $RETVAL


So I have better control of the process.

If you have a dynamic IP address, you have to add a restart of the guardiand service after renewal of the IP.

regards.

Cyrus
« Reply #70 on: September 14, 2004, 12:21:15 AM »
Quote from: "MasterSleepy"
Hello,

I use trevor-mitel-guardian-1.0-2.noarch.rpm.
You can find it Here

Regards.


Thanks for that, muchly appreciated!

doyen

Acid graphs parameters stop in 2004
« Reply #71 on: April 03, 2005, 02:57:08 AM »
Snort is installed and running well on SME 6.0.1, however when graphs are pulled from ACID they stop at year 2004. SME-snort-2.3-2.1 & sme-acid-0.2-1 installed no problems. Is there a more recent file for sme-acid or are the graph parameters originating from another rpm? Any assistance would be greatly appreciated - gt

mudra
« Reply #72 on: June 19, 2005, 09:51:01 AM »
I have snort up and running well, BUT the graphs do not go past 2004, just like the previous contributor.

Anyone have a workaround, OR know if it is possible to install BASE on SME SERVER 6.5rc1.

TIA

Mudra

Curly
« Reply #73 on: July 26, 2005, 02:14:29 PM »
(a bit late)

I've edited two files to include more years, both of them in the directory /opt/administration/acid. The two files are acid_graph_form.php and acid_stat_time.php. Somewhere inside is an array with the years; I changed them so now I can select the years 2003 through 2008.