RE: Portscan Preprocessor...

[Steve Halligan <agent33 () geeksquad com>]

> Hi all.
>
> Just updated snort from 1.7 to 1.8beta something last week. I used to
> log alerts into a MySQL database which schema came with snort tarball.
> With 1.7 I saw portscan reports logged into the DB, but now with 1.8 I
> do not see anything logged from this preprocessor.
> The link to Patrick Mullen homepage seems to be broken and I just
> wondered how I have to specify snort to log this preprocessor's result
> into the DB. Seems that "preprocessor portscan 4 3 $HOME_NET " does
> nothing...
>
> Thanks.

To quote myself "This really needs to be in the FAQ"
To quote others "

> > output database: log, mysql, user=snort dbname=snort host=localhost
>                    ^^^
> Change this to 'alert'.  In the CVS version of Snort, the portscan
> plugin calls all output plugins registered as type 'alert' rather then
> 'log'.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users