Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snortcenter + Acid + MySQL + $portscan_file

From: "Read, Andrew" <andrew.read () nz teletech com>
Date: Thu, 27 Feb 2003 08:57:10 +1300

Hi All

I'd like to be able to display portscan information in ACID.

Can I specify I remote portscan_file variable value on my ACID/Apache/MySQL
server.
I am currently using 1 remote sensor.

Or am I going about this the wrong way?

From Acid FAQ:

ACID provides a limited solution to this issue by providing the capability
to browse a single portscan.log log file from the IP statistics page
(acid_stat_ipaddr.php). The portscan log file read by ACID is set with the
$portscan_file configuration variable. Note that this port information
extracted from the log file is never imported into the database. Rather,
file parsing is done on demand to extract and present the relevant
information. Thus, it is not possible to search on IP addresses or ports
found in this file.
Regards,

Andrew


----------------------------------------
Andrew Read
Network Administrator 
TeleTech Limited - New Zealand
E-mail:       andrew.read () nz teletech com
Voice:        64 9 529 3083
Fax:  64 9 529 3543
-----------------------------------------



************************************************************
The information contained in this email is confidential and
may be legally privileged. If the reader of this message is
not the intended recipient you are hereby notified that any
use, dissemination, distribution, or reproduction of this 
message is prohibited. If you have received this message in
error please notify the sender and delete all copies of this
message including any attachments it may contain.
The email or its content does not necessarily represent the 
views of the company.
************************************************************


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: