Snort mailing list archives
Re: Snort/mysql & portscanning outpout
From: Steve Wingate <steve () velosystems net>
Date: Tue, 11 Dec 2001 20:47:16 -0800
I've made an adjustment so now I'm using this configuration:

output database: alert, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1

So far it hasn't seemed to have made a difference, at least after initiating a portscan from www.grc.com. It stopped logging to the file but I still don't see anything registering in the database.

Is there any harm to using all three options? like so:

output database: alert, log, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1

On Tue, 11 Dec 2001 15:28:39 -0800 (PST) "Erek Adams" <erek () theadamsfamily net> wrote:

> On Tue, 11 Dec 2001, Steve Wingate wrote:
>
> > I am running snort 1.8.3 logging to mysql 3.23.41 on OpenBSD 2.9, all on the same box. I also have ACID acid-0.9.6b19 and demarc-1.05-stable for viewing output. Everything seems fine except portscans are getting logged to portscan.log but not the database, it seems. I never see any reports of portscan activity from either acid or demarc, yet the portscan.log shows them. Is there something I need to change to see portscans in the DB reports? My configuration is pretty generic, basically following the instructions on the demarc site for setting up each piece of the pie.
>
> http://acidlab.sourceforge.net/acid_faq.html#faq_b7
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net