Snort mailing list archives
RE: Acid Database Logs
From: Kenny D <bitored2002 () yahoo com au>
Date: Fri, 1 Mar 2002 05:16:57 +1100 (EST)
That's what I want but I lose the emailing functionality of idscenter because of it. Maybe something for a future release.

Thanks for your help.

--- "McGuire, Barrett" <BCMcGuire () esunola uscg mil> wrote:
> Correct. At least that is how it works for me.
> Have also seen discussion on the same subject w/ the same answers. What it comes down to is: Do you want Acid to display portscans? If yes, the output database must be "alert" and in doing that you lose your log file, but all snort output is logged to the database.
>
> -----Original Message-----
> From: Kenny D [mailto:bitored2002 () yahoo com au]
> Sent: Thursday, February 28, 2002 12:06 PM
> To: McGuire, Barrett
> Cc: snort users
> Subject: RE: [Snort-users] Acid Database Logs
>
> Thanks,
> So with alert I will never have anything in my log file?
>
> --- "McGuire, Barrett" <BCMcGuire () esunola uscg mil> wrote:
> > Ran into same thing. When output database command is "alert", nothing will show up in log file. When output database command is "log" you will see the alert in the log and in Acid. This is by design. If you do not use the output database "alert", your portscans will not show up in Acid. I use the output database "alert", so that my portscans will show up in Acid.
> >
> > bcmcg
> >
> > -----Original Message-----
> > From: Kenny D [mailto:bitored2002 () yahoo com au]
> > Sent: Thursday, February 28, 2002 10:24 AM
> > To: snort users
> > Subject: [Snort-users] Acid Database Logs
> >
> > Hi,
> > I have setup snort logging to Acid and have noticed something strange. When I view the page localhost\Acid\index.html I notice from time to time alerts being logged. However these alerts do not raise a snort alarm (I use idscenter to send myself an email) and nothing is logged in my alert.log file. I use the output database command with the alert option, not log. Why does this happen? Shouldn't I get an alert on snort?
> > Hope someone can help.
> > Rgds.
> >
> > http://movies.yahoo.com.au - Yahoo! Movies - Vote for your nominees in our online Oscars pool.
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users