Snort mailing list archives

Re: portscan.log empty


From: John Sage <jsage () finchhaven com>
Date: Sat, 15 Dec 2001 21:42:11 -0800

David:

Several things about nmap: where did you run nmap from? The outside, or from inside your LAN? Or was it run from on the snort box?

If all your logs are empty over an extended period of time, it's still very faintly possible that nothing has happened that would cause an alert to be raised, but I kinda doubt that...

What command line are you using?

What output plugins are you using in snort.conf?

How do you have $HOME_NET and $EXTERNAL_NET set?

Which rules do you have in effect?

etc etc etc...


Questions such as yours are much more easily answered if people would provide all that kinda fundamental detail right from the start...


- John



David Gitman wrote:

I ran a nmap on my snort/firewall box and don't see anything in my portscan.log. Actually all my snort logs are still empty. I have portscan set to $HOME_NET 4 3 portscan.log. Any suggestions would be appreciated.

Thanks,

David Gitman




