[Snort-users] portscans and acid

Roman Danyliw roman at ...438...
Wed Mar 13 17:47:08 EST 2002


Are you logging to the database?  ACID will not display events not logged in the
database.  It has limited ability to parse the portscan.log file, but these
events will not appear like "normal" events.  See Question #B7 of the ACID FAQ:
http://acidlab.sourceforge.net/acid_faq.html#faq_b7

cheers,
Roman

On Wed, 13 Mar 2002 11:53:12 -0500, "Basil Saragoza" <snortlst at ...125...> wrote :

> I configured acid to look in the /var/log/snort/portscan.log file for port
> scans....nothing is displayed for the whole week. Actually nothing was
> displayed in portscan acid field since the installation.
> portscan.log contains a lot of entries and I wonder what prevents acid from
> displaying it.
> acid b20, snort 1.8.3 on rh7.2