[Snort-users] Snort Enterprise Implementation
adamsg at ...7983...
Mon Jan 13 05:07:03 EST 2003
I have setup an "Snort Enterprise Implementation". I used the
documentation prepared by Steven J. Scoot. (http://www.superhac.com) I
have set up the two linux servers, one acting as a server for ACID,
apache, MySQL Database, and SnortCenter, the second linux box is setup
as a Snort Sensor only.
I have been seccessfuly in setup the two servers and see events being
recorded for the fields TCP, UDP, ICMP of the Analysis Console for
Intrusion Databases (ACID); however, the precent for Portscan Traffic
remains at zero ACID.
The snort sensor server show data being recorded to alert and scan.log
Does anyone have any insite as to what I may have missed in the
configuration to cause the Portscan Traffic to remain at zero.
More information about the Snort-users