[Snort-users] Portscan Preprocessor...
agent33 at ...187...
Wed May 9 13:21:48 EDT 2001
> Hi all.
> Just updated snort from 1.7 to 1.8beta something last week. I used to
> log alerts into a MySQL database which schema came with snort tarball.
> With 1.7 I saw portscan reports logged into the DB, but now with 1.8 I
> do not see anything logged from this preprocessor.
> The link to Patrick Mullen homepage seems to be broken and I just
> wondered how I have to specify snort to log this preprocessor's result
> into the DB. Seems that "preprocessor portscan 4 3 $HOME_NET " does
To quote myself "This really needs to be in the FAQ"
To quote others "
> > output database: log, mysql, user=snort dbname=snort host=localhost
> Change this to 'alert'. In the CVS version of Snort, the portscan
> plugin calls all output plugins registered as type 'alert' rather then
More information about the Snort-users