[Snort-users] Portscan not logging

ed ed at ...3483...
Tue May 28 07:19:03 EDT 2002


The site's not real busy, I used to see 3 or 4 scans a week...

I have been running it with mysql about 2 weeks.  It was working fine
outputting to logs.

On Tue, 28 May 2002, Mike Macias wrote:
> > output database: alert, mysql, user=snort password=***** dbname=snort 
> > host=localhost
> > ~and~
> > preprocessor portscan: $HOME_NET 4 3 portscan.log
> 
> > Should the second line be changed to log them to the database as well or 
> > should portscan detections go to the database based on the first line?
> > 
> 
> Nope.  It should go to your DB with just alert on.
> Is your site busy?  How long have you been running it in this config. 
> without seeing any results?

Ed Kasky
Los Angeles, CA
~~~~~~~~~~~~~~~
"If A is a success in life, then A equals x plus y plus z.
Work is x; y is play; and z is keeping your mouth shut."
~ Albert Einstein





More information about the Snort-users mailing list