Snort mailing list archives
Re: portscans and ACID
From: "Omar McKenzie" <omckenzi () nyc rr com>
Date: Fri, 22 Mar 2002 00:00:36 -0500
you don't need the first output statement ----- Original Message ----- From: Mike Macias To: snort-users () lists sourceforge net Sent: Tuesday, March 19, 2002 3:58 PM Subject: [Snort-users] portscans and ACID I've been looking through the snort users archive and found plenty of documentation on how to get ACID to see portscans. I've finally got things working, however I'm a little concerned about my solution. In snort.conf I have 2 output plugins specified: output database: log, mysql, user=snort password=abcdef dbname=snort_db host=localhost output database: alert, mysql, user=snort password=abcdef dbname=snort_db host=localhost (so that ACID can see portscans) Will having 2 outputs specified adversely affect any data in the MySQL db?
Current thread:
- portscans and acid Basil Saragoza (Mar 13)
- <Possible follow-ups>
- RE: portscans and acid Chris Eidem (Mar 13)
- Re: portscans and acid Roman Danyliw (Mar 13)
- Re: portscans and acid Basil Saragoza (Mar 14)
- portscans and ACID Mike Macias (Mar 19)
- Re: portscans and ACID Omar McKenzie (Mar 21)