[Snort-users] portscans and acid
snortlst at ...125...
Thu Mar 14 09:11:04 EST 2002
I got it, so I have first to log those portscans to mysql and then they will
be displayed in acid, rigth?
Just wonder - if this is the case then what's tghe point of supplying path
to portscan.log file in acid config file?
----- Original Message -----
From: "Roman Danyliw" <roman at ...438...>
To: "Basil Saragoza" <snortlst at ...125...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Wednesday, March 13, 2002 8:46 PM
Subject: Re: [Snort-users] portscans and acid
> Are you logging to the database? ACID will not display events not logged
> database. It has limited ability to parse the portscan.log file, but
> events will not appear like "normal" events. See Question #B7 of the ACID
> On Wed, 13 Mar 2002 11:53:12 -0500, "Basil Saragoza"
<snortlst at ...125...> wrote :
> > I configured acid to look int he /var/log/snort/portscan.log file for
> > scans....nothing is displayed for the whole week. Actually nothing was
> > displayed in portscan acid field since the installation.
> > portscan.log contains a lot of entries and I wonder what prevents acid
> > displaying it.
> > acid b20, snort 1.8.3 on rh7.2
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
More information about the Snort-users