Snort mailing list archives

Re: Portscans in enterprise environment


From: Erek Adams <erek () snort org>
Date: Tue, 21 Jan 2003 22:09:48 -0500 (EST)

On Tue, 21 Jan 2003, Bob Dehnhardt wrote:

Okay, if I understand things properly (and there's a good chance I don't -
feel free to correct me), the portscan2 preprocessor will only log to a
file, not to a database. And ACID will only read the portscan data from one
file.

[...snip...]

Well...  It's almost right.  :)

First thing: you need to understand the difference between the alert and
log facility [0].  Once you understand that, your question will fall into
place.

Secondly, take three penalty drinks [1].  :)  4+ lines in the sig, and a
'This email...' disclaimer.  ;-)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
[1]     http://www.theadamsfamily.net/~erek/snort/drinking_game.txt

