RE: Mult snort instances and portscan logging

["Stephen Shepherd" <drew600_1999 () yahoo com>]

Okay I will give that a try.  I suppose that that multiple portscan logs are
on the list for future updates.  Or hopefully spp_portscan will be updated
soon.

One note ,in case someone has not mentioned it, it would be nice if the port
numbers on the various port summary pages were clickable for port DB lookup.

BTW I am helping Lee test Charlie's MS SQL version.  Aside from some time
sorting issues in a few screens everything looks good.  I am really glad to
have ACID running.  Your software makes investigating alerts very doable.
Thanks for all the hard work.  If there is anything I can do on the MS front
just let me know..

-----Original Message-----
From: roman () danyliw com [mailto:roman () danyliw com]
Sent: Thursday, October 25, 2001 18:40
To: Stephen Shepherd
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Mult snort instances and portscan logging


On Thu, 25 Oct 2001, Stephen Shepherd wrote:

[snip]

> Could I just concatenate them and reference the combined file in ACID, or
do
> the entries need to be in chronological order?

Concatenating the log is not a problem.

Roman



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users