Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort Enterprise Implementation

From: Greg Adams <adamsg () nih gov>
Date: Mon, 13 Jan 2003 08:07:05 -0500
I have setup an "Snort Enterprise Implementation".  I used the
documentation prepared by Steven J. Scoot. (http://www.superhac.com) I
have set up the two linux servers, one acting as a server for ACID,
apache, MySQL Database, and SnortCenter, the second linux box is setup
as a Snort Sensor only.

I have been seccessfuly in setup the two servers and see events being
recorded for the fields TCP, UDP, ICMP  of the Analysis Console for
Intrusion Databases (ACID); however, the precent for Portscan Traffic
remains at zero ACID.

The snort sensor server show data being recorded to alert and scan.log
file.

Does anyone have any insite as to what I may have missed in the
configuration to cause the Portscan Traffic to remain at zero.
Greg Adams




-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: