Re: Portscan not logging

[ed <ed () esson net>]

The site's not real busy, I used to see 3 or 4 scans a week...

I have been running it with mysql about 2 weeks.  It was working fine
outputting to logs.

On Tue, 28 May 2002, Mike Macias wrote:
> > output database: alert, mysql, user=snort password=***** dbname=snort 
> > host=localhost
> > ~and~
> > preprocessor portscan: $HOME_NET 4 3 portscan.log
>
> > Should the second line be changed to log them to the database as well or 
> > should portscan detections go to the database based on the first line?
>
> Nope.  It should go to your DB with just alert on.
> Is your site busy?  How long have you been running it in this config. 
> without seeing any results?

Ed Kasky
Los Angeles, CA
~~~~~~~~~~~~~~~
"If A is a success in life, then A equals x plus y plus z.
Work is x; y is play; and z is keeping your mouth shut."
~ Albert Einstein


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users