Portscan Alert and Payload Logs

["D'Ambrosio, Louis" <ldambros () facnet ucla edu>]

Hi,

Been searching for two issues I have in the archives and haven't seen an answer yet.  Hopefully you guys can help.

I recently stopped getting the spp_portscan alerts in my mysql/acid configuration.  The alerts are in the portscan.log 
file but have stopped logging to mysql.
All other alerts are working fine.  Current config is set to:

preprocessor portscan: 0.0.0.0/0 5 3 portscan.log
output database: alert, mysql, user=snort password=**** dbname=snort host=localhost details=full

Also, is there any way to stop logging payload data to the log directory but leave it in mysql?   I hate having to 
clean up all the ip directories! ;)

Installed versions:  Snort 1.8.7, ACID v0.9.6b22 



> Thanks!
 



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users