Snort mailing list archives
RE: snort "portscan.log" file empty?
From: "Matt Harrell" <mhar () plexus-online com>
Date: Wed, 15 Aug 2001 08:12:54 -0400
My alert.log file is actually even less used than portscan.log. My alert.log file hasn't been updated since April 17th. We actually don't see a lot of activity, normally. Occasional port scans (mostly on weekends) are about it. I'm assuming these two logs don't get much activity because they don't log specifically for the default.ida (Code Red) stuff? Thanks for the help. Matt Harrell Plexus Systems mhar () plex-sys com -----Original Message----- From: Jason A. Haynes Sent: Tue 8/14/2001 6:22 PM To: Matt Harrell Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] snort "portscan.log" file empty? portscan.log logs port scans. alert.log logs, well, alerts. You should have both perl clients, one for each logfile format. If you're missing it, the alert one is here: http://www.dshield.org/clients/dshield_snort.pl BTW, thanks for the link; I'll start sending them my home logs as soon as I script up a sort of whitelist for my job & other IPs I test from. Jason On Tue, 14 Aug 2001, Matt Harrell wrote: > I'm a relatively new user of Snort. I'm running Snort version 1.8p1-0 > (RPM) on Red Hat Linux 7.1. I've noticed that the > /var/log/snort/portscan.log file rarely gets stuff logged to it, even > though I see a lot of activity logged by Snort in the "auth" log (and > "syslog") and for individual IP numbers in /var/log/snort for Code Red. > Shouldn't more be getting logged in portscan.log? > > The main reason I'm asking is that I recently became a member of DShield > (http://www.dshield.org), and I'm tyring to send in my Snort > portscan.log file every day for the project using the Perl script I got > from the DShield web site for Snort (specifically for portscan.log). It > seems only partially useful if many attacks that Snort detects are not > logged to portscan.log. > > Thank you. > > Matt Harrell > Plexus Systems > mhar () plex-sys com > ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÒžŠíþë®ÉšŠX§‚X¬µ)è®ßî±êìþX¬¶Ïì¢êÜyú+ ïçzѨ¶‹aŠÅ.Ú…©àz뮊mŠ‰ì¢»§²æìr¸›{øm¶ŸÿþX¬¶Ïì¢êÜyú+ïçzßåŠËlþX¬¶)ߣû' ¢»ÿºÇ«±)è®ßî±êì–+-j·!Š÷ÿ†ÛiÿÿðÃàz‡+k ^¯÷(›úÞv*ÿ±ÿé†ÿ–+-®ßî±êì >
Current thread:
- snort "portscan.log" file empty? Matt Harrell (Aug 14)
- Re: snort "portscan.log" file empty? Jason A. Haynes (Aug 14)
- <Possible follow-ups>
- RE: snort "portscan.log" file empty? Matt Harrell (Aug 15)