Snort mailing list archives

Re: Portscan not logging

From: Mike Macias <mike.macias () caci-nsg com>
Date: Tue, 28 May 2002 08:32:38 -0400

output database: alert, mysql, user=snort password=***** dbname=snorthost=localhost
~and~
preprocessor portscan: $HOME_NET 4 3 portscan.log

Should the second line be changed to log them to the database as well orshould portscan detections go to the database based on the first line?


Nope.  It should go to your DB with just alert on.

Is your site busy? How long have you been running it in this config.without seeing any results?



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Portscan not logging Ed Kasky (May 27)
- Re: Portscan not logging Mike Macias (May 28)
  - Re: Portscan not logging ed (May 28)
  - Re: Portscan not logging Ed Kasky (May 28)