Snort mailing list archives

Re: Spade ---What gives


From: <bthaler () webstream net>
Date: Wed, 13 Mar 2002 11:47:53 -0500

Well, since I'm not using Acid, I would have no reason to look in the Acid FAQ's, would I?

Perhaps this should be included in the *Snort* FAQ.....oh wait, it already is...doh!
But to my own defense, this problem is listed as "Portscans are not being logged to my database", so a layperson like myself wouldn't know that this is the same problem.





Sincerely,
Brad T.




----- Original Message -----
From: "Erek Adams" <erek () theadamsfamily net>
To: <bthaler () webstream net>
Cc: "James Hoagland" <hoagland () SiliconDefense com>; <snort-users () lists sourceforge net>
Sent: Wednesday, March 13, 2002 11:37 AM
Subject: Re: [Snort-users] Spade ---What gives


On Wed, 13 Mar 2002 bthaler () webstream net wrote:

> Something else I noticed: Even with my usual database output plugin enabled,
> Snort still creates the "alert" file.

Yep.  That's normal.

> I grep'd this for "spp_anomsensor", and voilà!  There's millions of Spade
> alerts in there.  So evidently Spade was working properly, and it seems that
> Snort was just not writing the spp_anomsensor alerts to the database.

Nope.  Not quite.

http://acidlab.sourceforge.net/acid_faq.html#faq_b7

Oh, and that's a one drink penalty for the question and a one drink penalty
for the answer.  ;-)

It's amazing what you can find in the FAQ's and docs, isn't it?  ;-)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



