Snort mailing list archives
RE: ACID and portscan reporting
From: Roman Danyliw <roman () danyliw com>
Date: Tue, 16 Oct 2001 11:28:29 -0400 (EDT)
Modifying the database logging configuration will have no effect on log file output. Roman On Tue, 16 Oct 2001, Karen Marino wrote:
The FAQ says to change the output line in your snort.conf to: output database: alert, mysql, user=user dbname=snort host=localhost My question is, does this stop snort from logging to the log file and the database? I like that I have it logging to both. Sorry, I'm new to this. Karen -----Original Message----- From: roman () danyliw com [mailto:roman () danyliw com] Sent: Monday, October 15, 2001 8:05 PM To: Lists Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] ACID and portscan reporting The database plugin probably has not been configured correctly to support portscans. See Question #B-7 of the ACID FAQ: http://acidlab.sourceforge.net/acid_faq.html RomanOn Wed, 19 Sep 2001, Lists wrote:I see that port scans are being logged to alert.ids, yet nothingshowsup in ACID under portscans. All of the rules seem to be working fine. I am sure this isprobablysomething simple that I am overlooking. Anybody? BenKeepper
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: ACID and portscan reporting roman (Oct 15)
- <Possible follow-ups>
- RE: ACID and portscan reporting Karen Marino (Oct 16)
- RE: ACID and portscan reporting Roman Danyliw (Oct 16)