Snort mailing list archives
Re: Snort Enterprise Implementation
From: "larc" <larc () pandora be>
Date: Mon 13 Jan 2003 15:19:48 +0100
Hi, This is from the snort faq: Q: Portscans are not being logged to my database A: You need to change the output facility to 'alert' rather then 'log'. The portscan preprocessor calls output plugins registered as 'alert' plugins rather then 'log'. output database: alert, mysql, user=snort dbname=snort host=localhost Regards, Stefan D. ------------------------ Greg Adams <adamsg () nih gov> wrote: ------------------------ I have setup an "Snort Enterprise Implementation". I used the
documentation prepared by Steven J. Scoot. (http://www.superhac.com) I have set up the two linux servers, one acting as a server for ACID, apache, MySQL Database, and SnortCenter, the second linux box is setup as a Snort Sensor only. I have been seccessfuly in setup the two servers and see events being recorded for the fields TCP, UDP, ICMP of the Analysis Console for Intrusion Databases (ACID); however, the precent for Portscan Traffic remains at zero ACID. The snort sensor server show data being recorded to alert and scan.log file. Does anyone have any insite as to what I may have missed in the configuration to cause the Portscan Traffic to remain at zero. Greg Adams ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Enterprise Implementation Greg Adams (Jan 13)
- Re: Snort Enterprise Implementation Jens Krabbenhoeft (Jan 13)
- Re: Snort Enterprise Implementation Dustin Decker (Jan 13)
- <Possible follow-ups>
- Re: Snort Enterprise Implementation larc (Jan 13)
- RE: Snort Enterprise Implementation Hicks, John (Jan 13)