[Snort-users] Mult snort instances and portscan logging

Stephen Shepherd drew600_1999 at ...131...
Fri Oct 26 08:45:06 EDT 2001


Okay I will give that a try.  I suppose that that multiple portscan logs are
on the list for future updates.  Or hopefully spp_portscan will be updated
soon.

One note ,in case someone has not mentioned it, it would be nice if the port
numbers on the various port summary pages were clickable for port DB lookup.

BTW I am helping Lee test Charlie's MS SQL version.  Aside from some time
sorting issues in a few screens everything looks good.  I am really glad to
have ACID running.  Your software makes investigating alerts very doable.
Thanks for all the hard work.  If there is anything I can do on the MS front
just let me know..

-----Original Message-----
From: roman at ...438... [mailto:roman at ...438...]
Sent: Thursday, October 25, 2001 18:40
To: Stephen Shepherd
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Mult snort instances and portscan logging


On Thu, 25 Oct 2001, Stephen Shepherd wrote:

[snip]

> Could I just concatenate them and reference the combined file in ACID, or
do
> the entries need to be in chronological order?

Concatenating the log is not a problem.

Roman



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com





More information about the Snort-users mailing list