Snort mailing list archives
RE: ACID and portscan reporting
From: "Karen Marino" <kmarino () returncentral com>
Date: Tue, 16 Oct 2001 09:38:17 -0400
The FAQ says to change the output line in your snort.conf to: output database: alert, mysql, user=user dbname=snort host=localhost My question is, does this stop snort from logging to the log file and the database? I like that I have it logging to both. Sorry, I'm new to this. Karen -----Original Message----- From: roman () danyliw com [mailto:roman () danyliw com] Sent: Monday, October 15, 2001 8:05 PM To: Lists Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] ACID and portscan reporting The database plugin probably has not been configured correctly to support portscans. See Question #B-7 of the ACID FAQ: http://acidlab.sourceforge.net/acid_faq.html Roman
On Wed, 19 Sep 2001, Lists wrote:I see that port scans are being logged to alert.ids, yet nothing
shows
up in ACID under portscans. All of the rules seem to be working fine. I am sure this is
probably
something simple that I am overlooking. Anybody? Ben
Keepper --------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: ACID and portscan reporting roman (Oct 15)
- <Possible follow-ups>
- RE: ACID and portscan reporting Karen Marino (Oct 16)
- RE: ACID and portscan reporting Roman Danyliw (Oct 16)