[Snort-users] Portscans aren't logging to postgresql...
daedalus at ...494...
Tue Nov 27 13:04:05 EST 2001
I've got snort set up to log to postgresql and acid to view/manage it,
but for some reason it isn't logging portscans to the db. I can see
the spp portscan messages in the default alert file and the info is
collected in portscan.log but nothing makes it to the signature table
and acid reports 0% traffic from portscans. Any idea what's wrong?
Also, I have a question about the -A switch when starting snort.
If I want to log only to the database do I use -A none? Or, will
that shut off alerts to the db as well? Right now snort is logging
to both the alert file and the db.
BTW I'm using Snort 1.8.2, PostgreSQL 7.1.3 and acid 0.9.6b17
Thanks for any input,
More information about the Snort-users