Snort mailing list archives
Re: prob w/ database output configuration & ACID
From: "Rob Burris" <robeb () keepthevibe com>
Date: Fri, 28 Mar 2003 14:17:21 -0700
----- Original Message -----
From: "Erek Adams" <erek () snort org>
To: "Rob Burris" <robeb () keepthevibe com>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, March 28, 2003 12:48 PM
Subject: Re: [Snort-users] prob w/ database output configuration & ACID
That's right, but that's not what you asked... :)
I know. Just wanted to make sure that I understood everything thus far.
What isn't obvious: The portscan and portscan2 preprocessors do not _have_ the entire packet to write to the DB. They only have a limited amount of info: src ip, src port, dst ip, dst port, and flags. It never stores the data of the payload--That's why you can't ever have the payload (full packet) info into the database from the portscan/portscan2 preprocessors.
I should have been a little more direct w/ my question(s)... Why is there an option to include the path to the portscan.log file in the acid_conf.php file? What does it do w/ the data in this file?
These are broad questions. I know. Feel free to newbielize me.
- Rob B.
P.S. Thanks for your help. You don't have an obligation to reply but you do and that is appreciated!
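
An added example, not part of the original messages and not code from Snort or ACID: a small parser showing that a portscan.log entry carries only the fields listed in the quoted explanation (source and destination address and port, plus flags) and no payload. The line layout, the field names and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout assumed here for portscan.log:
# timestamp, src ip:port, dst ip:port, scan type, TCP flag string.
SAMPLE_LOG = """\
Mar 28 14:02:11 192.0.2.10:40112 -> 198.51.100.5:21 SYN ******S*
Mar 28 14:02:11 192.0.2.10:40113 -> 198.51.100.5:22 SYN ******S*
Mar 28 14:02:12 192.0.2.10:40114 -> 198.51.100.5:23 SYN ******S*
Mar 28 14:05:40 192.0.2.77:51000 -> 198.51.100.9:80 FIN *******F
this line is malformed and is skipped
"""

# Assumed line layout; there is no field that could hold packet payload.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+) "
    r"(?P<scan>\S+) (?P<flags>\S+)\s*$"
)

def parse_portscan_log(text):
    """Return one dict per well-formed line; skip anything else."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["src_port"] = int(rec["src_port"])
        rec["dst_port"] = int(rec["dst_port"])
        records.append(rec)
    return records

def summarize_by_source(records):
    """Map each source IP to the sorted destination ports it probed."""
    ports = defaultdict(set)
    for rec in records:
        ports[rec["src_ip"]].add(rec["dst_port"])
    return {ip: sorted(p) for ip, p in ports.items()}

if __name__ == "__main__":
    recs = parse_portscan_log(SAMPLE_LOG)
    for ip, ports in summarize_by_source(recs).items():
        print(ip, ports)
```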