Snort mailing list archives

RE: Snort/mysql & portscanning outpout


From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Wed, 12 Dec 2001 01:32:17 -0600

I got it working too by replacing the word "log" with "alert" in
output_database. But there is one more thing that I think is not
working. I always see UDP with 0% in ACID. Does this really work?

Thanks.

Neil

-> -----Original Message-----
-> From: Steve Wingate [mailto:steve () velosystems net]
-> Sent: Tuesday, December 11, 2001 10:47 PM
-> To: Erek Adams
-> Cc: snort-users () lists sourceforge net
-> Subject: Re: [Snort-users] Snort/mysql & portscanning outpout
-> 
-> 
-> I've made an adjustment so now I'm using this configuration:
-> output database: alert, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1
-> 
-> So far it hasn't seemed to have made a difference, at least 
-> after initiating a portscan from www.grc.com. It stopped 
-> logging to the file but I still don't see anything 
-> registering in the database. Is there any harm to using all 
-> three options? Like so:
-> 
-> output database: alert, log, mysql, user=snort dbname=dbname password=mypassword host=127.0.0.1 sensor_name=1
-> 
-> 
-> On Tue, 11 Dec 2001 15:28:39 -0800 (PST)
-> "Erek Adams" <erek () theadamsfamily net> wrote:
-> 
-> > On Tue, 11 Dec 2001, Steve Wingate wrote:
-> > 
-> > > I am running snort 1.8.3 logging to mysql 3.23.41 on OpenBSD 2.9, all on
-> > > the same box. I also have ACID acid-0.9.6b19 and demarc-1.05-stable for
-> > > viewing output.  Everything seems fine except portscans are getting logged
-> > > to portscan.log but not the database, it seems. I never see any reports of
-> > > portscan activity from either acid or demarc, yet the portscan.log shows
-> > > them.  Is there something I need to change to see portscans in the DB
-> > > reports? My configuration is pretty generic, basically following the
-> > > instructions on the demarc site for setting up each piece of the pie.
-> > 
-> > http://acidlab.sourceforge.net/acid_faq.html#faq_b7
-> > 
-> > -----
-> > Erek Adams
-> > Nifty-Type-Guy
-> > TheAdamsFamily.Net
-> 
-> _______________________________________________
-> Snort-users mailing list
-> Snort-users () lists sourceforge net
-> Go to this URL to change user options or unsubscribe:
-> https://lists.sourceforge.net/lists/listinfo/snort-users
-> Snort-users list archive:
-> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-> 
