Snort mailing list archives

Re: Snort/mysql & portscanning output


From: Steve Wingate <steve () velosystems net>
Date: Tue, 11 Dec 2001 20:47:16 -0800

I've made an adjustment so now I'm using this configuration:
output database: alert, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1

So far it hasn't seemed to have made a difference, at least after initiating a portscan from www.grc.com. It stopped 
logging to the file but I still don't see anything registering in the database. Is there any harm to using all three 
options? Like so:

output database: alert, log, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1


On Tue, 11 Dec 2001 15:28:39 -0800 (PST)
"Erek Adams" <erek () theadamsfamily net> wrote:

On Tue, 11 Dec 2001, Steve Wingate wrote:

I am running snort 1.8.3 logging to mysql 3.23.41 on OpenBSD 2.9, all on
the same box. I also have ACID acid-0.9.6b19 and demarc-1.05-stable for
viewing output.  Everything seems fine except portscans are getting logged
to portscan.log but not the database, it seems. I never see any reports of
portscan activity from either acid or demarc, yet the portscan.log shows
them.  Is there something I need to change to see portscans in the DB
reports? My configuration is pretty generic, basically following the
instructions on the demarc site for setting up each piece of the pie.

http://acidlab.sourceforge.net/acid_faq.html#faq_b7

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
