Snort mailing list archives

Question about Snort/ACID/MySQL and portscans


From: Snow Jacob C KPWA <JacobSC () kpt nuwc navy mil>
Date: Thu, 24 Apr 2003 13:04:22 -0700

Just a curious question when you have:

 

output database: log, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

 

in the snort.conf file, will you get alerts in the log file as well?

 

I have installed the service with:

 

snort /service /install -o -l d:/applications/snort/log -c d:/applications/snort/etc/snort.conf -d -i3

 

I am wondering why none of the port scans that happen are showing up in SQL;
they are showing up in a text document in the log folder.  How do I
configure the port scans to go to mysql so I can view them with acid?  I am
using snort 1.91 on win2k/xp.  The alerts work fine and I can view
everything with acid, except the port scans.  I can go into the log
directory and see the port scan listing.

 

 

Thank you,

 

Jacob Snow

jacobsc () kpt nuwc navy mil

(360)315-3487

NAVSEA Intern

 

