[Snort-users] Portscans, alerts, and Database question

James Hoagland hoagland at ...47...
Sat Sep 14 07:54:02 EDT 2002


At 10:37 AM -0400 9/13/02, Kevin Peuhkurinen wrote:
>Hi all.  I'm setting up a Snort install with one sensor in front of my
>firewall and a second behind it.   The internal sensor machine also
>hosts a MySQL database which both sensors log events to.
>
>I *don't* want portscans logged to the database (I'll use SnortSnarf to
>report on the portscans directly from the portscans.log file).   I
>understand that if I change the database output plugin type to "log"
>from "alert", the portscans won't get sent to the database.  But will
>making this change affect anything else?

Spade alerts.  Probably alerts from other plug-ins too.

Best regards,

   Jim
-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|



