Snort mailing list archives

portscan logging to DB??


From: Steven Crandell <steven.crandell () gmail com>
Date: Sat, 30 Oct 2004 10:32:02 -0700

Hi all,

I'm sure I'm just missing the doc that tells me how to do this, but
try as I might, I can't find it.
I'm trying to find a way to get the alerts generated by this line in
my snort.conf
"preprocessor portscan: xxx.xxx.xxx.xxx/24 5 7 /var/log/snort/alert"
to log to the database in addition to the file specified.  

I'm also wondering about the flow-portscan preprocessor output.  
I have: "output-mode msg"
but does this mean that anything that the flow-portscan detects goes
to the db or some other place?


It may be worth noting that I have these two lines in my conf also.  
output alert_fast: alert
output database: log, mysql, user=<dbuser> password=<pass> dbname=<db> host=localhost

I'm not sure if one or the other of them becomes a default output
method or something.  Any recommendations would be greatly
appreciated.

thanks,
-- 
Steven Crandell
steven.crandell () gmail com

