Snort mailing list archives
Re: Portscans, alerts, and Database question
From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 14 Sep 2002 07:53:26 -0700
At 10:37 AM -0400 9/13/02, Kevin Peuhkurinen wrote:
Hi all. I'm setting up a Snort install with one sensor in front of my firewall and a second behind it. The internal sensor machine also hosts a MySQL database which both sensors log events to. I *don't* want portscans logged to the database (I'll use SnortSnarf to report on the portscans directly from the portscans.log file). I understand that if I change the database output plugin type to "log" from "alert", the portscans won't get sent to the database. But will making this change affect anything else?
Spade alerts. Probably alerts from other plug-ins too.

Best regards,
Jim
--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|