[Snort-users] Portscan not logging
ed at ...3483...
Mon May 27 17:07:03 EDT 2002
I am running snort version 1.8.6 and recently switched over to a mysql
database for alerts with the following to start the daemon:
daemon /usr/local/bin/snort -u snort -D -c /usr/local/snort/snort.conf
and from the snort.cf:
output database: alert, mysql, user=snort password=***** dbname=snort
preprocessor portscan: $HOME_NET 4 3 portscan.log
No portscan activity is getting logged to the database according to the
results from acid. I used to see at least a few a week.
Should the second line be changed to log them to the database as well or
should portscan detections go to the database based on the first line?
Thanks in advance for any pointers....
Los Angeles, CA
. . . . . . . .
Everywhere is walking distance if you have the time.
- Steven Wright
More information about the Snort-users