[Snort-users] logging portscans to database

Skip Carter skip at ...1552...
Mon Mar 12 22:17:35 EST 2001


I am running two instances of snort 1.7, one on Linux and one on OpenBSD.
Both of them are logging to (local) postgres databases.  I have noticed
that port scan alerts are only logged to the 'event' table and they do
not show up in the 'iphdr' or any other tables.  Is there a way to get
that information logged as well ?

I am using the 03/01/2001 rulebase.

 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at ...1552...
 1340 Munras Ave., Suite 314    UUCP:     ...!uunet!taygeta!skip
 Monterey, CA. 93940            WWW: http://www.taygeta.com/skip.html

More information about the Snort-users mailing list