[Snort-users] Logging portscan on database

Erwin Van de Velde erwin.vandevelde at ...10361...
Mon Nov 24 08:40:07 EST 2003


On Monday 24 November 2003 14:02, Leonardo Spalenza wrote:
> Yes, it is possible. You must follow a list of tasks to get it working:
>
> Install mysql
> Create one user for snort to access the database
> Setting up the database in mysql (/usr/local/mysql/bin/mysql -u root -p <
> ./contrib/create_mysql snort)
> Compile snort with support for MySQL (--with-mysql="sql-path")
> Modify your snort.conf (output database: log, mysql, user=snort_user
> password=snort_user_pass, dbname=snort, host=IP_mysql)
>
> If you use redhat the document below is an excellent source of information.
> If you don't you still can get a lot of tips in there.
>
> http://www.snort.org/docs/snort_acid_rh9.pdf
>
> In documentation section of www.snort.org you can find a lot more
> information.
>

As far as I have tested, this works for all alerts, except for the portscans, 
and that was what the question was about ...
I tried this with MySQL and PostgreSQL (which I use now), but both don't get 
the portscan notifications...

Greetz,
Erwin
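
As an added example (not part of either poster's message and not Snort project code): a small Python check for the `output database:` line quoted above, which parses the facility, database type and parameters and flags a sensor that connects as root or without a password. The accepted facilities (`log`, `alert`) and the required keys are assumptions based on the Snort 2.x database output plugin; the sample configuration is constructed.

```python
import re

# Assumptions (Snort 2.x database output plugin, not stated in this thread):
# the directive is "output database: <facility>, <db type>, <key=value ...>".
FACILITIES = {"log", "alert"}
REQUIRED = ("dbname", "user")

# Constructed sample: line 2 mirrors the directive quoted in the thread,
# line 3 is a deliberately weak variant.
SAMPLE_CONF = """\
# constructed sample snort.conf fragment
output database: log, mysql, user=snort_user password=snort_user_pass, dbname=snort, host=IP_mysql
output database: alert, postgresql, user=root dbname=snort
"""

def parse_output_database(conf_text):
    """Return one dict per active 'output database:' directive."""
    directives = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"output\s+database\s*:\s*(.*)$", raw.strip())
        if not m:  # comments and unrelated directives do not match
            continue
        fields = m.group(1).split(",", 2) + ["", ""]
        facility, dbtype, rest = (f.strip() for f in fields[:3])
        # Parameters may be separated by spaces or commas (the thread mixes both).
        params = dict(t.split("=", 1) for t in re.split(r"[,\s]+", rest) if "=" in t)
        directives.append({"line": lineno, "facility": facility,
                           "dbtype": dbtype, "params": params})
    return directives

def audit(directive):
    """List configuration problems for one parsed directive."""
    issues, p = [], directive["params"]
    if directive["facility"] not in FACILITIES:
        issues.append("unknown facility %r" % directive["facility"])
    issues += ["missing %s" % k for k in REQUIRED if not p.get(k)]
    if p.get("user") == "root":
        issues.append("sensor connects as root; use a dedicated account")
    if not p.get("password"):
        issues.append("empty or missing password")
    return issues

if __name__ == "__main__":
    for d in parse_output_database(SAMPLE_CONF):
        print(d["line"], d["facility"], d["dbtype"], audit(d) or "ok")
```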




