[Snort-users] Database logging for spp_portscan plugin
fygrave at ...121...
Tue Sep 26 19:23:46 EDT 2000
~ :> Well, as soon as spo_alert_database is done, it will be possible. Jed, any
~ :> news on this front? :)
~ :I still need to look into this. From what I understand (and someone
~ :please correct me if I am wrong), "alerts" also go to the "log"
~ :facility --- that is AlertFunc also calls LogFunc; thus, having a
~ :separate database plugin connected to the "alert" facility will not
~ :fix the problem.
Don't remember, need to have a look into that, but from what I have seen
in the portscan preprocessor, we can replace all LogFunc with AlertFunc... to
get the thing easily done :). Votes, opinions? :)