Re: portscans and acid

["Basil Saragoza" <snortlst () hotmail com>]

I got it, so I have first to log those portscans to mysql and then they will
be displayed in acid, rigth?
Just wonder - if this is the case then what's tghe point of supplying path
to portscan.log file in acid config file?
----- Original Message -----
From: "Roman Danyliw" <roman () danyliw com>
To: "Basil Saragoza" <snortlst () hotmail com>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, March 13, 2002 8:46 PM
Subject: Re: [Snort-users] portscans and acid


> Are you logging to the database?  ACID will not display events not logged
in the
> database.  It has limited ability to parse the portscan.log file, but
these
> events will not appear like "normal" events.  See Question #B7 of the ACID
FAQ:
> http://acidlab.sourceforge.net/acid_faq.html#faq_b7
>
> cheers,
> Roman
>
> On Wed, 13 Mar 2002 11:53:12 -0500, "Basil Saragoza"
<snortlst () hotmail com> wrote :
> > I configured acid to look int he /var/log/snort/portscan.log file for
port
> > scans....nothing is displayed for the whole week. Actually nothing was
> > displayed in portscan acid field since the installation.
> > portscan.log contains a lot of entries and I wonder what prevents acid
from
> > displaying it.
> > acid b20, snort 1.8.3 on rh7.2
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users