[Snort-users] Logging portscan on database

Josh Berry josh.berry at ...10221...
Mon Nov 24 09:10:11 EST 2003

I believe that the portscan preprocessor only registers with the alert
output.  Try changing the output database to:

output database: alert, mysql, etc...

> On Monday 24 November 2003 14:02, Leonardo Spalenza wrote:
>> Yes, it is possible. You must follow a list of tasks to get it
>> working:
>> Install mysql
>> Create one user for snort to access the database
>> Setting up the database in mysql (/usr/local/mysql/bin/mysql -u root -p < ./contrib/create_mysql snort)
>> Compile snort with support for MySQL (--with-mysql="sql-path")
>> Modify your snort.conf (output database: log, mysql, user=snort_user
>> password=snort_user_pass, dbname=snort, host=IP_mysql)
>> If you use redhat, the document below is an excellent source of
>> information.
>> If you don't, you still can get a lot of tips in there.
>> http://www.snort.org/docs/snort_acid_rh9.pdf
>> In documentation section of www.snort.org you can find a lot more
>> information.
> As far as I have tested, this works for all alerts, except for the portscans,
> and that was what the question was about ...
> I tried this with MySQL and PostgreSQL (which I use now), but both don't get
> the portscan notifications...
> Greetz,
> Erwin

Josh Berry, CTO
josh.berry at ...10268...
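
A small check for the situation discussed in this thread, as an added example that is not part of the original messages or of Snort itself: it reads a snort.conf and warns when the portscan preprocessor is enabled but no `output database` directive uses the `alert` facility. It takes the reply's statement about the alert facility as its assumption; the sample config, host address, password placeholder and function names are constructed for illustration.

```python
import re

# Constructed sample snort.conf fragment (not from the thread); values are placeholders.
SAMPLE_CONF = """\
# preprocessors
preprocessor portscan: $HOME_NET 4 3 portscan.log
output database: log, mysql, user=snort_user password=PLACEHOLDER \\
    dbname=snort host=192.0.2.10
"""

# "output database: <facility>, <dbtype>, ..." and the classic portscan preprocessor.
OUTPUT_RE = re.compile(r"^output\s+database\s*:\s*(\w+)\s*,\s*(\w+)", re.I)
PORTSCAN_RE = re.compile(r"^preprocessor\s+portscan\s*:", re.I)


def logical_lines(text):
    """Yield directives with comment lines dropped and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        full = (pending + line).strip()
        pending = ""
        if full:
            yield full
    if pending.strip():
        yield pending.strip()


def check_portscan_db_logging(text):
    """Return (portscan_enabled, [(facility, dbtype), ...], warning or None)."""
    portscan, outputs = False, []
    for line in logical_lines(text):
        if PORTSCAN_RE.match(line):
            portscan = True
        m = OUTPUT_RE.match(line)
        if m:
            outputs.append((m.group(1).lower(), m.group(2).lower()))
    warning = None
    # Assumption from the reply above: portscan events reach only the alert facility.
    if portscan and outputs and not any(f == "alert" for f, _ in outputs):
        warning = "portscan enabled, but no 'output database' uses the alert facility"
    return portscan, outputs, warning


if __name__ == "__main__":
    print(check_portscan_db_logging(SAMPLE_CONF))
```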
