[Snort-users] Logging portscan on database
Erwin Van de Velde
erwin.vandevelde at ...10361...
Mon Nov 24 08:40:07 EST 2003
On Monday 24 November 2003 14:02, Leonardo Spalenza wrote:
> Yes, it is possible. You must follow a list of tasks to get it working:
> Install mysql
> Create one user for snort to access the database
> Set up the database in mysql (/usr/local/mysql/bin/mysql -u root -p <
> ./contrib/create_mysql snort)
> Compile snort with support for MySQL (--with-mysql="sql-path")
> Modify your snort.conf (output database: log, mysql, user=snort_user
> password=snort_user_pass, dbname=snort, host=IP_mysql)
> If you use Red Hat, the document below is an excellent source of information.
> If you don't, you can still get a lot of tips in there.
> In the documentation section of www.snort.org you can find a lot more
As far as I have tested, this works for all alerts, except for the portscans,
and that was what the question was about ...
I tried this with MySQL and PostgreSQL (which I use now), but neither gets
the portscan notifications...