ACID / SnortSnarf

["Fred McFeeters" <nfolink () hotmail com>]

Hello

 

I currently have working 2 snort sensors one on my firewall and one inside
the firewall with a MySql and web server with acid on another pc. Now I have
seen snortsnarf and thought it was pretty lame but it did do one thing I
can't figure out how to do in acid. When it detected a port scan snortsnarf
allows me to see every port that they tried to connect to I get a list of
there scan so I can get some kind of idea what they where looking for. Any
one knows how to do this with acid when my sensors are located on sepearte
machines so I don't have access to the portscan.log file.