Snort mailing list archives

Re: prob w/ database output configuration & ACID


From: Erek Adams <erek () snort org>
Date: Fri, 28 Mar 2003 16:59:38 -0500 (EST)

On Fri, 28 Mar 2003, Rob Burris wrote:

> I know. Just wanted to make sure that I understood everything thus far.

Cool.  You're on the money.

> I should have been a little more direct w/ my question(s)...
>
> Why is there an option to include the path to the portscan.log file in the
> acid_conf.php file?
> What does it do w/ the data in this file?

Well, I don't have an ACID Box setup right now, so I'm having to just wing
it.  Anyone who feels the need, please jump in...

ACID uses that to do 'some parsing' of the data.  It doesn't store the
info in the DB, but it does use it to generate some stats so you can get
some use out of that data.  From ACID's changelog:

   - [03/09/2003] rdd
     - acid_stat_common.php (PortscanPktCnt): detect spp_portscan2
       events correctly

> These are broad questions. I know. Feel free to newbielize me.

That was a broad answer.  :)

Hope that helps!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

