[Snort-users] Spade ---What gives

bthaler at ...2720... bthaler at ...2720...
Wed Mar 13 08:48:09 EST 2002


Well, since I'm not using Acid, I would have no reason to look in the Acid FAQs, would I?

Perhaps this should be included in the *Snort* FAQ.....oh wait, it already is...doh!
But in my own defense, this problem is listed as "Portscans are not being logged to my database", so a layperson like myself
wouldn't know that this is the same problem.





Sincerely,
Brad T.




----- Original Message -----
From: "Erek Adams" <erek at ...577...>
To: <bthaler at ...2720...>
Cc: "James Hoagland" <hoagland at ...47...>; <snort-users at lists.sourceforge.net>
Sent: Wednesday, March 13, 2002 11:37 AM
Subject: Re: [Snort-users] Spade ---What gives


> On Wed, 13 Mar 2002 bthaler at ...2720... wrote:
>
> > Something else I noticed: Even with my usual database output plugin enabled,
> > Snort still creates the "alert" file.
>
> Yep.  That's normal.
>
> > I grep'd this for "spp_anomsensor", and voilà!  There are millions of Spade
> > alerts in there.  So evidently Spade was working properly, and it seems that
> > Snort was just not writing the spp_anomsensor alerts to the database.
>
> Nope.  Not quite.
>
> http://acidlab.sourceforge.net/acid_faq.html#faq_b7
>
> Oh, and that's a one drink penalty for the question and a one drink penalty
> for the answer.  ;-)
>
> It's amazing what you can find in the FAQs and docs, isn't it?  ;-)
>
> Cheers!
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
>
>




