[Snort-users] Portscans logging to MySQL

Ron Rosson insane at ...321...
Thu Apr 12 10:27:22 EDT 2001


Joe McAlerney (joey at ...47...) wrote:
> Hello Ron,
> 
> Ron 'The InSaNe One' Rosson wrote:
> 
> > output database: log, mysql, user=snort dbname=snort host=localhost
>                    ^^^
> Change this to 'alert'.  In the CVS version of Snort, the portscan
> plugin calls all output plugins registered as type 'alert' rather then
> 'log'.
> 

Tried that and did a portscan from an untrusted host and still no
portscan logging to mysql. ANd now it is not logging to syslog either.

The rule sets are from araachnids vision.conf

I am baffled

-- 
------------------------------------------------------------------------------
Ron Rosson          			      ... and a UNIX user said ...
The InSaNe One                 			      rm -rf *
insane at ...322...     	            and all was /dev/null and *void()
------------------------------------------------------------------------------
     The three Rs of Microsoft support: Retry, Reboot, Reinstall.




More information about the Snort-users mailing list