[Snort-sigs] PortScan Logs

Keen Joseph A1C HQ SSG/XOIN Joseph.Keen at ...394...
Fri Sep 19 13:54:22 EDT 2003


You have to check the alert settings in snort.conf.
The line should look like this:
 
output database: alert, mysql, user=**** password=***** dbname=******** host=******
 
I found it in the book that preprocessors won't log to the database that
you pull your stuff from with ACID, unless you have it set to alert. The
only problem that I have found with this is that I do not get a log file
now. The var/log/snort/alert file doesn't receive anything anymore.
 

					Keen, Joseph L 

 

________________________________

From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of
Jayachandran K
Sent: Tuesday, September 16, 2003 2:49 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] PortScan Logs


Hi,
I am not able to get the portscan logs in the ACID console, whereas
I am able to get other TCP, ICMP, UDP alerts. What could be the problem? Can
anyone suggest?
 
 
Thanks & Regards
K.Jayachandran