Snort mailing list archives
Re: Portscans in enterprise environment
From: Erek Adams <erek () snort org>
Date: Tue, 21 Jan 2003 22:09:48 -0500 (EST)
On Tue, 21 Jan 2003, Bob Dehnhardt wrote:
Okay, if I understand things properly (and there's a good chance I don't - feel free to correct me), the portscan2 preprocessor will only log to a file, not to a database. And ACID will only read the portscan data from one file.
[...snip...]

Well... It's almost right. :) First, you need to understand the difference between the alert and log facility [0]. Once you understand that, your question will fall into place.

Secondly, take three penalty drinks [1]. :) 4+ lines in the sig, and a 'This email...' disclaimer. ;-)

Cheers!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
[1] http://www.theadamsfamily.net/~erek/snort/drinking_game.txt