[Snort-sigs] PortScan Logs
Keen Joseph A1C HQ SSG/XOIN
Joseph.Keen at ...394...
Fri Sep 19 13:54:22 EDT 2003
You have to check the alert settings in the snort.conf.
The line should look like this:
output database: alert, mysql, user=**** password=***** dbname=********
I found it in the book that preprocessors won't log to the database that
you pull your stuff from with ACID, unless you have it set to alert. The
only problem that I have found with this is I do not get a log file
now. The var/log/snort/alert file doesn't receive anything anymore.
Keen, Joseph L
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of
Sent: Tuesday, September 16, 2003 2:49 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] PortScan Logs
I am not able to get the portscan logs in the ACID console, whereas
I am able to get other TCP, ICMP, UDP alerts. What could be the problem can
Thanks & Regards
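
A small check for the two conditions discussed in this thread, as an added example that is not part of either message: it reads a snort.conf and reports whether the database output is on the alert facility and whether a file-based alert output is also configured. The finding names and sample configs are constructed; alert_fast and alert_full are Snort's flat-file alert output plugins, and the script assumes only the config file (not command-line options) decides the outputs.

```python
import re

# Matches "output <plugin>: <args>" directives in snort.conf.
OUTPUT_RE = re.compile(r"^output\s+(\w+)\s*:?\s*(.*)$")
# Snort output plugins that write alerts to a file in the log directory.
FILE_ALERT_PLUGINS = {"alert_fast", "alert_full"}

def audit_outputs(conf_text):
    """Return finding names (hypothetical labels) for the output directives."""
    db_facilities = []
    file_alert = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        plugin, args = m.group(1), m.group(2)
        if plugin == "database":
            # First comma-separated argument is the facility: log or alert.
            db_facilities.append(args.split(",")[0].strip().lower())
        elif plugin in FILE_ALERT_PLUGINS:
            file_alert = True
    findings = []
    if not db_facilities:
        findings.append("no-database-output")
    elif "alert" not in db_facilities:
        # Per the reply above, preprocessor events reach ACID only via "alert".
        findings.append("database-not-on-alert-facility")
    if db_facilities and not file_alert:
        # Matches the reported symptom: the flat alert file stays empty.
        findings.append("no-file-alert-output")
    return findings

# Constructed samples; the database line reuses the masked form from the thread.
DB_ALERT = "output database: alert, mysql, user=**** password=***** dbname=********"
CONF_LOG_ONLY = DB_ALERT.replace("alert,", "log,", 1) + "\n"
CONF_THREAD = DB_ALERT + "\n"
CONF_BOTH = DB_ALERT + "\noutput alert_fast: alert.fast  # flat-file copy\n"
CONF_COMMENTED = "# " + DB_ALERT + "\n"

if __name__ == "__main__":
    for name, conf in [("log-only", CONF_LOG_ONLY), ("thread", CONF_THREAD),
                       ("both", CONF_BOTH), ("commented", CONF_COMMENTED)]:
        print(name, audit_outputs(conf))
```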