[Snort-users] Portscans, alerts, and Database question
kevinp at ...6884...
Fri Sep 13 08:28:03 EDT 2002
Hi all. I'm setting up a Snort install with one sensor in front of my
firewall and a second behind it. The internal sensor machine also
hosts a mySQL database which both sensors log events to.
I *don't* want portscans logged to the database (I'll use SnortSnarf to
report on the portscans directly from the portscans.log file). I
understand that if I change the database output plugin type to "log"
from "alert", the portscans won't get sent to the database. But will
making this change affect anything else?
More information about the Snort-users