Snort mailing list archives
RE: Snort/mysql & portscanning outpout
From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Wed, 12 Dec 2001 01:32:17 -0600
I got it working too by replacing the word "log" with "alert" in output_database. But there is one more thing that I think is not working. I always see UDP with 0% in ACID. Does this really work?

Thanks.

Neil

-> -----Original Message-----
-> From: Steve Wingate [mailto:steve () velosystems net]
-> Sent: Tuesday, December 11, 2001 10:47 PM
-> To: Erek Adams
-> Cc: snort-users () lists sourceforge net
-> Subject: Re: [Snort-users] Snort/mysql & portscanning outpout
->
->
-> I've made an adjustment so now I'm using this configuration:
-> output database: alert, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1
->
-> So far it hasn't seemed to have made a difference, at least
-> after initiating a portscan from www.grc.com. It stopped
-> logging to the file but I still don't see anything
-> registering in the database. Is there any harm to using all
-> three options? Like so:
->
-> output database: alert, log, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1
->
->
-> On Tue, 11 Dec 2001 15:28:39 -0800 (PST)
-> "Erek Adams" <erek () theadamsfamily net> wrote:
->
-> > On Tue, 11 Dec 2001, Steve Wingate wrote:
-> >
-> > > I am running snort 1.8.3 logging to mysql 3.23.41 on OpenBSD 2.9, all on
-> > > the same box. I also have ACID acid-0.9.6b19 and demarc-1.05-stable for
-> > > viewing output. Everything seems fine except portscans are getting logged
-> > > to portscan.log but not the database, it seems. I never see any reports of
-> > > portscan activity from either acid or demarc, yet the portscan.log shows
-> > > them. Is there something I need to change to see portscans in the DB
-> > > reports? My configuration is pretty generic, basically following the
-> > > instructions on the demarc site for setting up each piece of the pie.
-> >
-> > http://acidlab.sourceforge.net/acid_faq.html#faq_b7
-> >
-> > -----
-> > Erek Adams
-> > Nifty-Type-Guy
-> > TheAdamsFamily.Net
->
-> _______________________________________________
-> Snort-users mailing list
-> Snort-users () lists sourceforge net
-> Go to this URL to change user options or unsubscribe:
-> https://lists.sourceforge.net/lists/listinfo/snort-users
-> Snort-users list archive:
-> http://www.geocrawler.com/redir-sf.php3?list=snort-users