Snort mailing list archives

RE: Question about Snort/ACID/MySQL and portscans


From: "Michael Steele" <michaels () silicondefense com>
Date: Thu, 24 Apr 2003 13:40:56 -0700

Jacob,

Remove the 'output database alert .' line. By using 'output database log
.' you will be outputting to both types of logging (alert and log), and
yes, it uses the log file.

-Michael
--
 Michael Steele | System Engineer / Support Technician    
 mailto:michaels () silicondefense com   
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Snow Jacob
C KPWA
Sent: Thursday, April 24, 2003 1:04 PM
To: 'snort-users () lists sourceforge net'; 'Michael Steele'
Subject: [Snort-users] Question about Snort/ACID/MySQL and portscans

Just a curious question when you have:

output database: log, mysql, user=snort1 password=test_snort
dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

output database: alert, mysql, user=snort1 password=test_snort
dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

in the snort.conf file will you get alerts in the log file as well?

I have installed the service with:

snort /service /install -o -l d:/applications/snort/log -c
d:/applications/snort/etc/snort.conf -d -i3

I am wondering why none of the port scans that happen are showing up in
SQL; they are showing up in a text document in the log folder.  How do I
configure the port scans to go to mysql so I can view them with acid?  I
am using snort 1.91 on win2k/xp.  The alerts work fine and I can view
everything with acid, except the port scans.  I can go into the log
directory and see the port scan listing.

Thank you,

Jacob Snow

jacobsc () kpt nuwc navy mil

(360)315-3487

NAVSEA Intern

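The reply above settles the double-logging question but leaves the portscan half open: the scan detail Jacob can see is the text file the portscan preprocessor writes into the log directory, and ACID never sees it. The script below is an added example, not code from either poster, the Snort project or ACID. It parses that text log and re-applies a "N distinct ports within T seconds" window per source so the scans can at least be summarized and triaged from the command line. The line layout it expects ("Mon DD HH:MM:SS src:port -> dst:port TYPE tcpflags") is an assumption about what the 1.x spp_portscan log looks like; the sample lines are constructed, and the year is supplied by the caller because the log lines carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of a Snort 1.x portscan text log. The layout
# ("Mon DD HH:MM:SS src:port -> dst:port TYPE tcpflags") is an assumption
# about what spp_portscan writes; adjust LINE_RE if your file differs.
SAMPLE_PORTSCAN_LOG = """\
Apr 24 13:01:00 10.10.1.5:42311 -> 192.168.0.20:21 SYN ******S*
Apr 24 13:01:00 10.10.1.5:42312 -> 192.168.0.20:22 SYN ******S*
Apr 24 13:01:01 10.10.1.5:42313 -> 192.168.0.20:23 SYN ******S*
Apr 24 13:01:01 10.10.1.5:42314 -> 192.168.0.20:25 SYN ******S*
Apr 24 13:01:02 10.10.1.5:42315 -> 192.168.0.20:80 SYN ******S*
Apr 24 13:05:10 10.10.1.9:51000 -> 192.168.0.20:80 SYN ******S*
Apr 24 13:09:10 10.10.1.9:51001 -> 192.168.0.20:443 SYN ******S*
Apr 24 13:02:00 10.10.1.7:1234 -> 192.168.0.21:139 NULL ********
this line is deliberate garbage and must be skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"(?P<kind>\S+) (?P<flags>\S+)$"
)


def parse_portscan_log(text, year=2003):
    """Turn log lines into dicts; lines that do not match are skipped,
    not raised on, so one corrupt line cannot stop the whole run."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entries.append({
            "time": ts, "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "kind": m["kind"], "flags": m["flags"],
        })
    return entries


def detect_scans(entries, ports=4, seconds=3):
    """Per source, flag a scan when >= `ports` distinct dst:port pairs are
    hit inside a sliding window of `seconds`, or on any non-SYN probe
    (NULL/FIN/XMAS-style stealth packets). The ports/seconds pair mirrors
    the '<ports> <seconds>' shape of the 1.x 'preprocessor portscan:' line."""
    by_src = defaultdict(list)
    for e in sorted(entries, key=lambda e: e["time"]):
        by_src[e["src"]].append(e)

    findings = {}
    for src, events in by_src.items():
        window = deque()
        for e in events:
            window.append(e)
            # Evict events older than `seconds` relative to the newest one.
            while (e["time"] - window[0]["time"]).total_seconds() > seconds:
                window.popleft()
            distinct = {(w["dst"], w["dport"]) for w in window}
            stealth = e["kind"] != "SYN"
            if len(distinct) < ports and not stealth:
                continue
            f = findings.setdefault(src, {
                "first": window[0]["time"], "last": e["time"],
                "targets": set(), "kinds": set(), "stealth": False,
            })
            f["last"] = e["time"]
            f["targets"].update(distinct)
            f["kinds"].add(e["kind"])
            f["stealth"] = f["stealth"] or stealth
    return findings


if __name__ == "__main__":
    for src, f in detect_scans(parse_portscan_log(SAMPLE_PORTSCAN_LOG)).items():
        print(f"{src}: {len(f['targets'])} target(s) "
              f"{f['first']:%H:%M:%S}-{f['last']:%H:%M:%S} "
              f"kinds={','.join(sorted(f['kinds']))} stealth={f['stealth']}")
```

With the defaults, the first source trips the 4-ports-in-3-seconds window and the NULL probe is reported on its own, while the two SYNs four minutes apart from the third source stay quiet; raising `ports` above the number of distinct targets in the window drops the first source as well. Run it as `python3 portscan_summary.py < /dev/null` to see the constructed sample, or replace `SAMPLE_PORTSCAN_LOG` with the contents of the file named on your own `preprocessor portscan:` line.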