Snort mailing list archives

Re: portscans and ACID

From: "Omar McKenzie" <omckenzi () nyc rr com>
Date: Fri, 22 Mar 2002 00:00:36 -0500

you don't need the first output statement
  ----- Original Message ----- 
  From: Mike Macias 
  To: snort-users () lists sourceforge net 
  Sent: Tuesday, March 19, 2002 3:58 PM
  Subject: [Snort-users] portscans and ACID

  I've been looking through the snort users archive and found plenty of documentation on how to get ACID to see 
portscans.  I've finally got things working, however I'm a little concerned about my solution.  In snort.conf I have 2 
output plugins specified:

  output database: log, mysql, user=snort password=abcdef dbname=snort_db host=localhost 
  output database: alert, mysql, user=snort password=abcdef dbname=snort_db host=localhost (so that ACID can see 
portscans)

  Will having 2 outputs specified adversely affect any data in the MySQL db?

Current thread:

portscans and acid Basil Saragoza (Mar 13)
- <Possible follow-ups>
- RE: portscans and acid Chris Eidem (Mar 13)
- Re: portscans and acid Roman Danyliw (Mar 13)
  - Re: portscans and acid Basil Saragoza (Mar 14)
- portscans and ACID Mike Macias (Mar 19)
  - Re: portscans and ACID Omar McKenzie (Mar 21)