[Snort-users] ACID and portscan reporting

Roman Danyliw roman at ...438...
Tue Oct 16 08:10:15 EDT 2001


Modifying the database logging configuration will have no effect on log
file output.

Roman

On Tue, 16 Oct 2001, Karen Marino wrote:

> The FAQ says to change the output line in your snort.conf to:
>
> output database: alert, mysql, user=user dbname=snort host=localhost
>
> My question is, does this stop snort from logging to the log file and
> the database?  I like that I have it logging to both.  Sorry, I'm new to
> this.
>
> Karen
>
>
> -----Original Message-----
> From: roman at ...438... [mailto:roman at ...438...]
> Sent: Monday, October 15, 2001 8:05 PM
> To: Lists
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] ACID and portscan reporting
>
> The database plugin probably has not been configured correctly to
> support portscans.
> See Question #B-7 of the ACID FAQ:
> http://acidlab.sourceforge.net/acid_faq.html
>
> Roman
>
> > On Wed, 19 Sep 2001, Lists wrote:
> >
> > > I see that port scans are being logged to alert.ids, yet nothing
> shows
> > > up in ACID under portscans.
> > >
> > > All of the rules seem to be working fine.  I am sure this is
> probably
> > > something simple that I am overlooking.
> > >
> > > Anybody?
> > >
> > >
> > >
> > > Ben
> Keepper






More information about the Snort-users mailing list