[Snort-users] Logging portscan on database
josh.berry at ...10221...
Mon Nov 24 09:10:11 EST 2003
I believe that the portscan preprocessor only registers with the alert
output. Try changing the output database to:
output database: alert, mysql, etc...
> On Monday 24 November 2003 14:02, Leonardo Spalenza wrote:
>> Yes, it is possible. You must follow a list of tasks to get it
>> Install mysql
>> Create one user to snort access the database
>> Setting up the database in mysql (/usr/local/mysql/bin/mysql -u root -p
>> ./contrib/create_mysql snort)
>> Compile snort with support for MySQL (--with-mysql="sql-path")
>> Modify your snort.conf (output database: log, mysql, user=snort_user
>> password=snort_user_pass, dbname=snort, host=IP_mysql)
>> If you use Red Hat, the document below is an excellent source of
>> If you don't, you can still get a lot of tips in there.
>> In documentation section of www.snort.org you can find a lot more
> As far as I have tested, this works for all alerts, except for the
> and that was what the question was about ...
> I tried this with MySQL and PostgreSQL (which I use now), but both don't
> the portscan notifications...
Josh Berry, CTO
josh.berry at ...10268...