[Snort-users] Portscan log

Goldmoon summer_beha at ...131...
Fri Sep 13 11:19:05 EDT 2002


Hi, 

How do I set up MySQL to log all snort data and see it
in ACID? Anyone know? I've tried the online docs, and
they are very confusing.

Thanks
--- John Sage <jsage at ...2022...> wrote:
> On Fri, Sep 13, 2002 at 10:55:04AM +0800, francisv at ...6732... wrote:
> > Hi,
> > 
> > How do I log portscans in the SQL database?
> > 
> > ---
> >  francis a. vidal [bitstop network services] | http://www.bitstop.ph
> >  streaming media + web hosting               | http://www.keystone.ph
> >  v(02)330-2871,(02)330-2872; f(02)330-2873   | http://www.kuro.ph
> 
> umm..
> 
> Are they *not* being logged?
> 
> Are you saying this:
> 
> <snip>
> # portscan: detect a variety of portscans
> # ---------------------------------------
> # portscan preprocessor by Patrick Mullen <p_mullen at ...245...>
> # This preprocessor detects UDP packets or TCP SYN packets going to
> # four different ports in less than three seconds. "Stealth" TCP
> # packets are always detected, regardless of these settings.
> 
> preprocessor portscan: $HOME_NET 4 3 portscan.log
> # keep as from 1.8.4
> <snip>
> 
> In your snort.conf?
> 
> 
> For me, this creates a text log in my snort logging directory, and an
> alert goes into the database, as well...
> 
> ...I'm not aware that you need to do more.
> 
> 
> 
> - John
> -- 
> "Obviously, we do not want to leave zombies around."
> 
> PGP key:     http://www.finchhaven.com/pages/gpg_pubkey.html
> Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705
> 
> 

