[Snort-devel] Portscan preprocessor output not showing up in acid with a Postgresql db

Len Burns lenb at ...122...
Sat Apr 21 23:33:35 EDT 2001


Good evening,

As per a request, I have been testing snort logging to a postgresql db
over here for several days.  I am seeing something that may be a
problem with either snort, or acid, not sure which.  I am using the
cvs version of snort, current as of last evening, April 20, the current
cvs version of acid, and postgresql-7.0.3 under NetBSD-1.5 i386.  The
dbs for mysql and postgresql were created from the current create
scripts in contrib.  

Now the problem: keeping all else constant, portscan data is showing
up in acid when clicking on the unique alerts link under mysql, but
not under postgresql.  It appears the data is being logged under
postgresql, because it does show up under the traffic by profiles, but
under unique alerts it does not show.  It seems about the only way in
acid to clear the portscans out is to click on the sensor from which
it came and delete all.  The portscans also are counted in the number
of unique alerts, just not displayed.

I hope I have not left anything important out of this, but if so, feel
free to holler at me.  :-)

-Len




