Snort mailing list archives

Re: prob w/ database output configuration & ACID


From: "Rob Burris" <robeb () keepthevibe com>
Date: Fri, 28 Mar 2003 14:17:21 -0700

----- Original Message -----
From: "Erek Adams" <erek () snort org>
To: "Rob Burris" <robeb () keepthevibe com>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, March 28, 2003 12:48 PM
Subject: Re: [Snort-users] prob w/ database output configuration & ACID

> That's right, but that's not what you asked...  :)

I know. Just wanted to make sure that I understood everything thus far.

> What isn't obvious:  The portscan and portscan2 preprocessors do not
> _have_ the entire packet to write to the DB.  They only have a limited
> amount of info:  src ip, src port, dst ip, dst port, and flags.  It never
> stores the data of the payload--That's why you can't ever have the payload
> (full packet) info into the database from the portscan/portscan2
> preprocessors.


I should have been a little more direct w/ my question(s)...

Why is there an option to include the path to the portscan.log file in the
acid_conf.php file?
What does it do w/ the data in this file?

These are broad questions. I know. Feel free to newbielize me.

- Rob B.

P.S. Thanks for your help. You don't have an obligation to reply but you do and
that is appreciated!


