Snort mailing list archives
Re: Portscan not logging
From: ed <ed () esson net>
Date: Tue, 28 May 2002 07:18:34 -0700 (PDT)
The site's not real busy, I used to see 3 or 4 scans a week... I have been running it with mysql about 2 weeks. It was working fine outputting to logs. On Tue, 28 May 2002, Mike Macias wrote:
output database: alert, mysql, user=snort password=***** dbname=snort host=localhost ~and~ preprocessor portscan: $HOME_NET 4 3 portscan.logShould the second line be changed to log them to the database as well or should portscan detections go to the database based on the first line?Nope. It should go to your DB with just alert on. Is your site busy? How long have you been running it in this config. without seeing any results?
Ed Kasky Los Angeles, CA ~~~~~~~~~~~~~~~ "If A is a success in life, then A equals x plus y plus z. Work is x; y is play; and z is keeping your mouth shut." ~ Albert Einstein _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan not logging Ed Kasky (May 27)
- Re: Portscan not logging Mike Macias (May 28)
- Re: Portscan not logging ed (May 28)
- Re: Portscan not logging Ed Kasky (May 28)
- Re: Portscan not logging Mike Macias (May 28)