[Snort-users] Portscans, alerts, and Database question
hoagland at ...47...
Sat Sep 14 07:54:02 EDT 2002
At 10:37 AM -0400 9/13/02, Kevin Peuhkurinen wrote:
>Hi all. I'm setting up a Snort install with one sensor in front of my
>firewall and a second behind it. The internal sensor machine also
>hosts a mySQL database which both sensors log events to.
>I *don't* want portscans logged to the database (I'll use SnortSnarf to
>report on the portscans directly from the portscans.log file). I
>understand that if I change the database output plugin type to "log"
>from "alert", the portscans won't get sent to the database. But will
>making this change affect anything else?
Spade alerts. Probably alerts from other plug-ins too.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users