[Snort-users] Question about Snort/ACID/MySQL and portscans

Snow Jacob C KPWA JacobSC at ...160...
Thu Apr 24 13:05:07 EDT 2003


Just a curious question when you have:

output database: log, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

in the snort.conf file, will you get alerts in the log file as well?

 

I have installed the service with:

snort /service /install -o -l d:/applications/snort/log -c d:/applications/snort/etc/snort.conf -d -i3

 

I am wondering why none of the port scans that happen are showing up in SQL;
they are showing up in a text document in the log folder.  How do I
configure the port scans to go to MySQL so I can view them with ACID?  I am
using Snort 1.91 on Win2k/XP.  The alerts work fine and I can view
everything with ACID, except the port scans.  I can go into the log
directory and see the port scan listing.

Thank you,

Jacob Snow

jacobsc at ...160...

(360)315-3487

NAVSEA Intern

 
