[Snort-users] Acid Database Logs

Kenny D bitored2002 at ...3162...
Thu Feb 28 10:17:12 EST 2002


That's what I want, but I lose the emailing
functionality of idscenter because of it. Maybe
something for a future release.

Thanks for your help.

 --- "McGuire, Barrett" <BCMcGuire at ...5159...> wrote:
> Correct.  At least that is how it works for me.
> Have also seen discussion on the same subject w/ the same answers.  What it
> comes down to is:  Do you want Acid to display portscans?  If yes, the output
> database must be "alert" and in doing that you lose your log file, but all
> snort output is logged to the database.
> 
> -----Original Message-----
> From: Kenny D [mailto:bitored2002 at ...3162...]
> Sent: Thursday, February 28, 2002 12:06 PM
> To: McGuire, Barrett
> Cc: snort users
> Subject: RE: [Snort-users] Acid Database Logs
> 
> 
> Thanks,
> 
> So with alert I will never have anything in my log file?
> 
> 
> 
>  --- "McGuire, Barrett" <BCMcGuire at ...5159...> wrote:
> > Ran into same thing.  When output database command is "alert", nothing will
> > show up in log file.  When output database command is "log" you will see the
> > alert in the log and in Acid.  This is by design.
> > 
> > If you do not use the output database "alert", your portscans will not show
> > up in Acid.
> > 
> > I use the output database "alert", so that my
> > portscans will show up in
> > Acid.
> > 
> > bcmcg
> > 
> > -----Original Message-----
> > From: Kenny D [mailto:bitored2002 at ...3162...]
> > Sent: Thursday, February 28, 2002 10:24 AM
> > To: snort users
> > Subject: [Snort-users] Acid Database Logs
> > 
> > 
> > Hi,
> > 
> > I have set up snort logging to Acid and have noticed something strange.
> > When I view the page localhost\Acid\index.html I notice from time to time
> > alerts being logged. However these alerts do not raise a snort alarm
> > (I use idscenter to send myself an email), and nothing is logged in my
> > alert.log file.
> > 
> > I use the output database command with the alert option, not log. Why does
> > this happen? Shouldn't I get an alert on snort?
> > 
> > Hope someone can help.
> > 
> > Rgds.
> > 