I have snort running on rh 8.0 with mysql and acid. Two days ago for seemingly no reason I am no longer getting alerts showing up when checking acid. I have no problem browsing the old alerts, which leads me to believe that acid, apache, and mysql are working correctly. My question is; what is the best way to determine is snort is actually working? If I ps -ef |Grep snort I get that the snort process is up and runing. Are there log files that would show snort errors? I checked /var/log/messages and nothing out of the ordinary is present. Thanks for the help.

Best way to troubleshoot Snort running IMHO would be to run Snort in verbose and test mode and check the output. Best way to troubleshoot Snort functioning IMHO would be to test the rules and run a remote (nmap/webbased/nessusd) system scan against it.

Remember upgrading Snort and rules automagically is NOT necessarily SAFE. Snort is worked on constantly and the Snort crew has been known to fsck up on a few occasions (like releasing sigs that would only work with the latest greatest release). If you're running Snort in a corporate setting, I would suggest you test sigs on a staging server and only distribute to sensors when verified OK.