Snort mailing list archives
Re: portscans and acid
From: "Basil Saragoza" <snortlst () hotmail com>
Date: Thu, 14 Mar 2002 12:09:53 -0500
I got it, so I have first to log those portscans to mysql and then they will be displayed in acid, right? Just wonder - if this is the case then what's the point of supplying path to portscan.log file in acid config file?

----- Original Message -----
From: "Roman Danyliw" <roman () danyliw com>
To: "Basil Saragoza" <snortlst () hotmail com>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, March 13, 2002 8:46 PM
Subject: Re: [Snort-users] portscans and acid

Are you logging to the database? ACID will not display events not logged in the database. It has limited ability to parse the portscan.log file, but these events will not appear like "normal" events. See Question #B7 of the ACID FAQ:
http://acidlab.sourceforge.net/acid_faq.html#faq_b7

cheers,
Roman

On Wed, 13 Mar 2002 11:53:12 -0500, "Basil Saragoza" <snortlst () hotmail com> wrote:

I configured acid to look in the /var/log/snort/portscan.log file for port scans....nothing is displayed for the whole week. Actually nothing was displayed in portscan acid field since the installation. portscan.log contains a lot of entries and I wonder what prevents acid from displaying it.

acid b20, snort 1.8.3 on rh7.2

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:
- portscans and acid Basil Saragoza (Mar 13)
- <Possible follow-ups>
- RE: portscans and acid Chris Eidem (Mar 13)
- Re: portscans and acid Roman Danyliw (Mar 13)
- Re: portscans and acid Basil Saragoza (Mar 14)
- portscans and ACID Mike Macias (Mar 19)
- Re: portscans and ACID Omar McKenzie (Mar 21)