Snort mailing list archives

snort/ACID portscan display


From: Kate Hagen <katehagenuk () yahoo co uk>
Date: Wed, 6 Feb 2002 21:39:09 +0000 (GMT)

I am running Snort 1.8.3 on Mandrake 8.1 with ACID
v0.9.6b19 and MySQL 3.23.41.

Portscans appear in the ACID display, but when I click
on the IP address, no list of portscans associated
with that IP address appears.

I read a newsgroup post dated several months back that
ACID does not log portscans properly and that the
portscan is not actually coming from the IP address it
appears to be coming from (according to the ACID
display).  However, when I read the Snort portscan.log
itself, the portscans actually do appear to be coming
from the IP addresses that ACID claims they are coming
from.  From what little knowledge I have of PHP, it
appears that ACID is actually logging the source IP
correctly.  But why can I not display a list of all
portscans by source IP?

I have looked all over for more information about this
and haven't found anything (RTFM, google, snort.org). 
I have been reading this list for a while and haven't
seen it mentioned, although it is quite possible I
missed it.  

Thanks for your time.

