[Snort-users] PortScans no longer showing up in ACID Console

roman at ...438... roman at ...438...
Wed Apr 11 13:11:27 EDT 2001


Tim,

There has been no significant change in how ACID handles portscans.
Can you confirm that the alerts are being written to the database?
Try the following sql from you db client:

SELECT * FROM signature WHERE sig_name like 'spp_portscan%';

Do you get results?

Roman

> I just switched to ACID v0.9.6b8 from the CVS Archive, and now portscan no
> longer show up in the Alert listing.  When I use an older version of ACID, I
> see all of the unique alerts (i.e.  all of the portscans.).  Does anyone
> know if there has been a change in ACID's handling of portscan alerts?
> 
> Tim Hughes
> Network Engineer
> MCurve, Inc.
> tph at ...1513...
> (847) 843-8200
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list