[Snort-users] logging portscans to database
skip at ...1552...
Mon Mar 12 22:17:35 EST 2001
I am running two instances of snort 1.7, one on Linux and one on OpenBSD.
Both of them are logging to (local) postgres databases. I have noticed
that port scan alerts are only logged to the 'event' table and they do
not show up in the 'iphdr' or any other tables. Is there a way to get
that information logged as well ?
I am using the 03/01/2001 rulebase.
Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Scientific Inc. INTERNET: skip at ...1552...
1340 Munras Ave., Suite 314 UUCP: ...!uunet!taygeta!skip
Monterey, CA. 93940 WWW: http://www.taygeta.com/skip.html
More information about the Snort-users