Snort mailing list archives
Snortcenter + Acid + MySQL + $portscan_file
From: "Read, Andrew" <andrew.read () nz teletech com>
Date: Thu, 27 Feb 2003 08:57:10 +1300
Hi All I'd like to be able to display portscan information in ACID. Can I specify I remote portscan_file variable value on my ACID/Apache/MySQL server. I am currently using 1 remote sensor. Or am I going about this the wrong way?
From Acid FAQ:
ACID provides a limited solution to this issue by providing the capability to browse a single portscan.log log file from the IP statistics page (acid_stat_ipaddr.php). The portscan log file read by ACID is set with the $portscan_file configuration variable. Note that this port information extracted from the log file is never imported into the database. Rather, file parsing is done on demand to extract and present the relevant information. Thus, it is not possible to search on IP addresses or ports found in this file. Regards, Andrew
---------------------------------------- Andrew Read Network Administrator TeleTech Limited - New Zealand E-mail: andrew.read () nz teletech com Voice: 64 9 529 3083 Fax: 64 9 529 3543 -----------------------------------------
************************************************************ The information contained in this email is confidential and may be legally privileged. If the reader of this message is not the intended recipient you are hereby notified that any use, dissemination, distribution, or reproduction of this message is prohibited. If you have received this message in error please notify the sender and delete all copies of this message including any attachments it may contain. The email or its content does not necessarily represent the views of the company. ************************************************************ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snortcenter + Acid + MySQL + $portscan_file Read, Andrew (Feb 27)