Snort mailing list archives

Re: Portscans, alerts, and Database question


From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 14 Sep 2002 07:53:26 -0700

At 10:37 AM -0400 9/13/02, Kevin Peuhkurinen wrote:
> Hi all. I'm setting up a Snort install with one sensor in front of my
> firewall and a second behind it. The internal sensor machine also
> hosts a mySQL database which both sensors log events to.
>
> I *don't* want portscans logged to the database (I'll use SnortSnarf to
> report on the portscans directly from the portscans.log file). I
> understand that if I change the database output plugin type to "log"
> from "alert", the portscans won't get sent to the database. But will
> making this change affect anything else?

Spade alerts.  Probably alerts from other plug-ins too.

Best regards,

  Jim
--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

