[Snort-users] portscan logging to DB??

Steven Crandell steven.crandell at ...11827...
Sat Oct 30 10:33:02 EDT 2004


Hi all,

I'm sure I'm just missing the doc that tells me how to do this, but
try as I might, I can't find it.
I'm trying to find a way to get the alerts generated by this line in
my snort.conf
"preprocessor portscan: xxx.xxx.xxx.xxx/24 5 7 /var/log/snort/alert"
to log to the database in addition to the file specified.  

I'm also wondering about the flow-portscan preprocessor output.  
I have: "output-mode msg"
but does this mean that anything that the flow-portscan detects goes
to the db or some other place?


It may be worth noting that I have these two lines in my conf also.  
output alert_fast: alert
output database: log, mysql, user=<dbuser> password=<pass> dbname=<db> host=localhost

I'm not sure if one or the other of them becomes a default output
method or something.  Any recommendations would be greatly
appreciated.

thanks,
-- 
Steven Crandell
steven.crandell at ...11827...



