Snort mailing list archives

Previous By Date Next
Previous By Thread Next

AW: ACID Reporting and Portscans

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 7 Aug 2002 07:11:22 +0200
Joe,

I suppose you have output database: log ... in snort.conf. Switch to output
database: alert ... and it should work.

HTH,
Sandro


Well, Now Im totaly confused. I am logging to the syslog AND 
to MySQL (For Acid), and in the syslog, Im getting:
Aug  6 13:21:23 wolfserver snort: spp_portscan: portscan 
status from <ip Address>: 1 connections across 1 hosts: 
TCP(1), UDP(0)  , but in Acid, Im not seeing that. The 
portscan.log file has these permissions:

-rw-rw-r--    1 root     root        67691 Aug  6 13:22 portscan.log

Any Ideas why its not showing up in Acid?

Thanks

Joe




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: