Snort mailing list archives
Portscan not logging
From: Ed Kasky <ed () esson net>
Date: Mon, 27 May 2002 17:05:55 -0700
I am running snort version 1.8.6 and recently switched over to a mysql database for alerts with the following to start the daemon:
daemon /usr/local/bin/snort -u snort -D -c /usr/local/snort/snort.conf and from the snort.cf:output database: alert, mysql, user=snort password=***** dbname=snort host=localhost
~and~ preprocessor portscan: $HOME_NET 4 3 portscan.logNo portscan activity is getting logged to the database according to the results from acid. I used to see at least a few a week.
Should the second line be changed to log them to the database as well or should portscan detections go to the database based on the first line?
Thanks in advance for any pointers....
Ed
~~
Ed Kasky
Los Angeles, CA
. . . . . . . .
Everywhere is walking distance if you have the time.
- Steven Wright
_______________________________________________________________
Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan not logging Ed Kasky (May 27)
- Re: Portscan not logging Mike Macias (May 28)
- Re: Portscan not logging ed (May 28)
- Re: Portscan not logging Ed Kasky (May 28)
- Re: Portscan not logging Mike Macias (May 28)