Snort mailing list archives
AW: ACID Reporting and Portscans
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 7 Aug 2002 07:11:22 +0200
Joe, I suppose you have output database: log ... in snort.conf. Switch to output database: alert ... and it should work. HTH, Sandro
Well, Now Im totaly confused. I am logging to the syslog AND to MySQL (For Acid), and in the syslog, Im getting: Aug 6 13:21:23 wolfserver snort: spp_portscan: portscan status from <ip Address>: 1 connections across 1 hosts: TCP(1), UDP(0) , but in Acid, Im not seeing that. The portscan.log file has these permissions: -rw-rw-r-- 1 root root 67691 Aug 6 13:22 portscan.log Any Ideas why its not showing up in Acid? Thanks Joe
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: ACID Reporting and Portscans Poppi, Sandro (Aug 06)