[Snort-users] database logging of portscans

Jed Pickel jed at ...153...
Wed Nov 8 18:30:00 EST 2000


> The CVS version of snort logs portscans to a file called portscan.log.  Is
> there a way to make it log the portscans to the database like everything
> else?

As things stand right now, you need to connect the database plugin to
the "alert" facility to log the portscan messages. Thus the first
parameter of your config should be alert instead of log. That will
work, but the portscan data is currently unstructured so this will not
provide you a great deal of benefit. The database will contain
structure for this in the future but some other snort internals need
to be worked on before this will be possible.

* Jed



More information about the Snort-users mailing list