[Snort-users] Portscans in enterprise environment

Erek Adams erek at ...950...
Tue Jan 21 19:20:02 EST 2003

On Tue, 21 Jan 2003, Bob Dehnhardt wrote:

> Okay, if I understand things properly (and there's a good chance I don't -
> feel free to correct me), the portscan2 preprocessor will only log to a
> file, not to a database. And ACID will only read the portscan data from one
> file.


Well...  It's almost right.  :)

First thing: you need to understand the difference between the alert and
log facility [0].  Once you understand that, your question will fall into

Secondly, take three penalty drinks [1].  :)  4+ lines in the sig, and a
'This email...' disclaimer.  ;-)


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
[1]	http://www.theadamsfamily.net/~erek/snort/drinking_game.txt

