[Snort-users] Portscan not logging

Ed Kasky ed at ...3483...
Mon May 27 17:07:03 EDT 2002


I am running snort version 1.8.6 and recently switched over to a mysql 
database for alerts with the following to start the daemon:

daemon /usr/local/bin/snort -u snort -D -c /usr/local/snort/snort.conf

and from the snort.cf:

output database: alert, mysql, user=snort password=***** dbname=snort 
host=localhost
~and~
preprocessor portscan: $HOME_NET 4 3 portscan.log

No portscan activity is getting logged to the database according to the 
results from acid.  I used to see at least a few a week.

Should the second line be changed to log them to the database as well or 
should portscan detections go to the database based on the first line?

Thanks in advance for any pointers....

Ed
~~
Ed Kasky
Los Angeles, CA
. . . . . . . .
Everywhere is walking distance if you have the time.
	- Steven Wright





More information about the Snort-users mailing list