[Snort-users] Portscan Preprocessor...

Steve Halligan agent33 at ...187...
Wed May 9 13:21:48 EDT 2001


> Hi all.
> 
> Just updated snort from 1.7 to 1.8beta something last week. I used to
> log alerts into a MySQL database which schema came with snort tarball.
> With 1.7 I saw portscan reports logged into the DB, but now with 1.8 I
> do not see anything logged from this preprocessor.
> The link to Patrick Mullen homepage seems to be broken and I just
> wondered how I have to specify snort to log this preprocessor's result
> into the DB. Seems that "preprocessor portscan 4 3 $HOME_NET " does
> nothing...
> 
> Thanks.

To quote myself "This really needs to be in the FAQ"
To quote others "

> > output database: log, mysql, user=snort dbname=snort host=localhost
>                    ^^^
> Change this to 'alert'.  In the CVS version of Snort, the portscan
> plugin calls all output plugins registered as type 'alert' rather then
> 'log'.




More information about the Snort-users mailing list