AW: [Snort-users] ACID Reporting and Portscans

Poppi, Sandro Sandro.Poppi at ...3316...
Tue Aug 6 22:12:04 EDT 2002


Joe,

I suppose you have output database: log ... in snort.conf. Switch to output
database: alert ... and it should work.

HTH,
Sandro
> 
> Well, Now Im totaly confused. I am logging to the syslog AND 
> to MySQL (For Acid), and in the syslog, Im getting:
> Aug  6 13:21:23 wolfserver snort: spp_portscan: portscan 
> status from <ip Address>: 1 connections across 1 hosts: 
> TCP(1), UDP(0)  , but in Acid, Im not seeing that. The 
> portscan.log file has these permissions:
> 
> -rw-rw-r--    1 root     root        67691 Aug  6 13:22 portscan.log
> 
> Any Ideas why its not showing up in Acid?
> 
> Thanks
> 
> Joe
> 




More information about the Snort-users mailing list