[Snort-users] portscans and acid

Basil Saragoza snortlst at ...125...
Thu Mar 14 09:11:04 EST 2002


I got it, so I have first to log those portscans to mysql and then they will
be displayed in acid, right?
Just wonder - if this is the case then what's the point of supplying path
to portscan.log file in acid config file?
----- Original Message -----
From: "Roman Danyliw" <roman at ...438...>
To: "Basil Saragoza" <snortlst at ...125...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Wednesday, March 13, 2002 8:46 PM
Subject: Re: [Snort-users] portscans and acid


> Are you logging to the database?  ACID will not display events not logged in the
> database.  It has limited ability to parse the portscan.log file, but these
> events will not appear like "normal" events.  See Question #B7 of the ACID FAQ:
> http://acidlab.sourceforge.net/acid_faq.html#faq_b7
>
> cheers,
> Roman
>
> On Wed, 13 Mar 2002 11:53:12 -0500, "Basil Saragoza" <snortlst at ...125...> wrote:
>
> > I configured acid to look in the /var/log/snort/portscan.log file for port
> > scans....nothing is displayed for the whole week. Actually nothing was
> > displayed in portscan acid field since the installation.
> > portscan.log contains a lot of entries and I wonder what prevents acid from
> > displaying it.
> > acid b20, snort 1.8.3 on rh7.2
> >



