[Snort-users] Mult snort instances and portscan logging
drew600_1999 at ...131...
Fri Oct 26 08:45:06 EDT 2001
Okay I will give that a try. I suppose that that multiple portscan logs are
on the list for future updates. Or hopefully spp_portscan will be updated
One note ,in case someone has not mentioned it, it would be nice if the port
numbers on the various port summary pages were clickable for port DB lookup.
BTW I am helping Lee test Charlie's MS SQL version. Aside from some time
sorting issues in a few screens everything looks good. I am really glad to
have ACID running. Your software makes investigating alerts very doable.
Thanks for all the hard work. If there is anything I can do on the MS front
just let me know..
From: roman at ...438... [mailto:roman at ...438...]
Sent: Thursday, October 25, 2001 18:40
To: Stephen Shepherd
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Mult snort instances and portscan logging
On Thu, 25 Oct 2001, Stephen Shepherd wrote:
> Could I just concatenate them and reference the combined file in ACID, or
> the entries need to be in chronological order?
Concatenating the log is not a problem.
This message was sent using Voicenet WebMail.
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the Snort-users