[Snort-users] ACID and snort 1.8?

roman at ...438... roman at ...438...
Thu Jun 14 00:39:47 EDT 2001


> > Is anybody running snort 1.8 with ACID?  It doesn't look like there is
> > any specific support in ACID for snort 1.8 classtypes.  Does anybody know
> > if there will be?

Even the CVS version of ACID does not currently support 
snort 1.8 classifications or priorities.  However, this functionality
is very high on the TODO list.
 
> > Also does anybody know if ACID will ever support the snort preprocessors
> > like portscan?  

I'm not sure what you mean by this.  If the database plugin
is configured to log the "alert" facility, then the portscans
alert messages will appear just like any other alerts.  However,
the observation that pre-processor logging is clumsy is correct.
Future versions of Snort will have improved pre-processor
logging, but this will not occur in the 1.8 release.

Roman


---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list