Snort mailing list archives

Clarification on Portscans using BASE and not creating a portscan.log file?


From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 20 Apr 2012 16:31:01 -0400

I was just wondering about viewing portscans in BASE:

I've directed Snort to use unified2 logging, and I'm not directing Snort to
create a portscan.log file. Barnyard2 is sending portscans to the database
and BASE is able to view them.

Using the output database option I was creating the portscan.log file and I
was setting the option in the BASE console to direct it to use that logfile.

I'm wondering what effect it's having by not allowing BASE to read the
portscan.log?

What's BASE really doing with the alerts from the portscan.log?
 
Kindest regards,
Michael...


