Snort mailing list archives

Re: prob w/ database output configuration & ACID


From: Erek Adams <erek () snort org>
Date: Thu, 27 Mar 2003 22:45:26 -0500 (EST)

On Thu, 27 Mar 2003, Rob Burris wrote:

> I am having a problem with the way ACID logs the output from snort. When
> I use the "log" argument in the output database configuration ACID only
> logs packets and not portscans. However, when I use the "alert" argument
> ACID only logs portscans and not packets. Is there a way to log both
> packet logs and portscans? I am using snort 1.9 w/ ACID 0.9 and MySQL
> 3.23 in a Linux environment.

        http://www.theadamsfamily.net/~erek/snort/logging_methods.txt

That covers the basics of log vs. alerts.

What it doesn't cover is that the portscan or portscan2 preprocessor
doesn't include packets in its info at all.  So the answer to your
question:  Nope.  You can't have both.  :-/

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

