[Snort-users] Portscans aren't logging to postgresql...

Daedalus daedalus at ...494...
Tue Nov 27 13:04:05 EST 2001


Hi all,

I've got snort set up to log to postgresql and acid to view/manage it,
but for some reason it isn't logging portscans to the db.  I can see
the spp portscan messages in the default alert file and the info is
collected in portscan.log but nothing makes it to the signature table
and acid reports 0% traffic from portscans.  Any idea what's wrong?

Also, I have a question about the -A switch when starting snort.
If I want to log only to the database do I use -A none?  Or, will
that shut off alerts to the db as well?  Right now snort is logging
to both the alert file and the db.

BTW I'm using Snort 1.8.2, PostgreSQL 7.1.3 and acid 0.9.6b17

Thanks for any input,
-Bill
 






?



clear





More information about the Snort-users mailing list