Newbie question

[Jim Starke <jstarke () ptd net>]

I compiled snort with the mysql settings and have set up the database in
mysql and snort is running. I can run it with the -v flag and I see data
transferring.

Here is the command line I am using to start snort.
/var/snort/bin/snort -N -t /var/snort -u snort -g snort -c
/etc/snort.conf -z est -l /log -i eth1 -D

This is the line I have in my rc.firewall file.
/sbin/ipchains -A ppp-in -j REJECT -p TCP --dport 3306

So far I haven't had anyone scan my computer so I can't verify if they
did whether or not snort would log it to the sql database or not.

I am on a cable modem and I can see in the alert file that one of my
"neighbors" is scanning for 8080, 23, 3128 and a few other ports on
machines out on the net. However, snort isn't logging this to the mysql
database. Should it be logging this or not?

-- 
Quidquid latine dictum sit, altum viditur.
http://www.jcsmall.com/homepage

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users