[Snort-users] Acid Database Logs
bitored2002 at ...3162...
Thu Feb 28 10:17:12 EST 2002
Thats what i want but i lose the emailing
functionality of idscenter because of it. Maybe
something for a future release.
Thanks for your help.
--- "McGuire, Barrett" <BCMcGuire at ...5159...>
wrote: > Correct. At least that is how it works for
> Have also seen discussion
> on the same subject w/ the same answers. What it
> comes down to is: Do you
> want Acid to display portscans. If yes, the output
> database must be "alert"
> and in doing that you lose your log file, but all
> snort output is logged to
> the database.
> -----Original Message-----
> From: Kenny D [mailto:bitored2002 at ...3162...]
> Sent: Thursday, February 28, 2002 12:06 PM
> To: McGuire, Barrett
> Cc: snort users
> Subject: RE: [Snort-users] Acid Database Logs
> So with alert i will never have anything in my log
> --- "McGuire, Barrett" <BCMcGuire at ...5159...>
> wrote: > Ran into same thing. When output database
> > is "alert", nothing will
> > show up in log file. when output database command
> > is "log" you will see the
> > alert in the log and in Acid. this is by design.
> > If you do not use the output database "alert",
> > portscans will not show
> > up in Acid.
> > I use the output database "alert", so that my
> > portscans will show up in
> > Acid.
> > bcmcg
> > -----Original Message-----
> > From: Kenny D [mailto:bitored2002 at ...3162...]
> > Sent: Thursday, February 28, 2002 10:24 AM
> > To: snort users
> > Subject: [Snort-users] Acid Database Logs
> > Hi,
> > I have setup snort logging to Acid and have
> > something strange. When i view the page
> > localhost\Acid\index.html i notice from time to
> > alerts being logged. However these alrtsdo not
> > a
> > snort alarm,(iuse idscenter to send myself an
> > and nothing is logged in my alert.log file.
> > I use the output database command with the alert
> > option not log. Why does this happen? Shouldnt i
> > an alert on snort?
> > Hope someone can help.
> > Rgds.
> > http://movies.yahoo.com.au - Yahoo! Movies
> > - Vote for your nominees in our online Oscars
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> > unsubscribe:
> > Snort-users list archive:
> http://movies.yahoo.com.au - Yahoo! Movies
> - Vote for your nominees in our online Oscars pool.
http://movies.yahoo.com.au - Yahoo! Movies
- Vote for your nominees in our online Oscars pool.
More information about the Snort-users