[Snort-users] portscan logging to DB??

Steven Crandell steven.crandell at ...11827...
Sat Oct 30 10:33:02 EDT 2004

Hi all,

I'm sure I'm just missing the doc that tells me how to do this, but
try as I might, I can't find it.
I'm trying to find a way to get the alerts generated by this line in
my snort.conf
"preprocessor portscan: xxx.xxx.xxx.xxx/24 5 7 /var/log/snort/alert"
to log to the database in addition to the file specified.  

I'm also wondering about the flow-portscan preprocessor output.  
I have: "output-mode msg"
but does this mean that anything that the flow-portscan detects goes
to the db or some other place?

It may be worth noting that I have these two lines in my conf also.  
output alert_fast: alert
output database: log, mysql, user=<dbuser> password=<pass> dbname=<db>

I'm not sure if one or the other of them becomes a default output
method or something.  Any recommendations would be greatly

Steven Crandell
steven.crandell at ...11827...
