snort installed to normal operation after the procedure, but I used nmap scanning when there is no log record, mysql to work, but no data is written into the snort. acid can not produce images visit.


snort installed on the server Cpanel/WHM

IMO, you need to know what the exact issue is. Is it with Snort? MySQL?

1. MySQL issues tend to be due to user permissions issues (if its even running), so check to see if you're using the correct password (or if you're supplying a password when the service is set up to not use one...if this is the case, don't supply a password, [fix the service later]).

2. Check to see if Snort is running in daemon mode.

3. Run snort in the foreground, then do your scan. Your scan should output to screen.

4. Use netstat to check MySQL connections.

5. Run tcpdump to look for MySQL traffic (or leverage Snort in sniff mode).

6. Even if Snort is running properly, it may not be configured to detect port scans (I had to play with my snort.conf file to get this working). You can attempt to trigger a web-based alert by putting the following in your browser: http://a-web-server/cmd.exe or http://a-web-server/root.exe. I used to use this method all the time at my workplace to ensure that an IDS was functioning properly. This should work if you've Nimda and Codered sigs enabled on the Snort sensor and if you're actually sniffing for web-based traffic.