Snort mailing list archives
Re: portscan.log empty
From: John Sage <jsage () finchhaven com>
Date: Sat, 15 Dec 2001 21:42:11 -0800
David:Several things about nmap: where did you run nmap from? The outside, or from inside your LAN? Or was it run from on the snort box?
If all your logs are empty over an extended period of time, it's still very faintly possible that nothing has happened that would cause an alert to be raised, but I kinda doubt that...
What command line are you using? What output plugins are you using in snort.conf? How do you have $HOME_NET and $EXTERNAL_NET set? Which rules do you have in effect? etc etc etc...Questions such as yours are much more easily answered if people would provide all that kinda fundamental detail right from the start...
- John David Gitman wrote:
I ran a nmap on my snort/firewall box and don?t see anything in my portscan.log . Actually all my snort logs are still empty. I have portscan setto $HOME_NET 4 3 portscan.log. Any suggestions would be appreciated.Thanks,David Gitman
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- portscan.log empty David Gitman (Dec 15)
- Re: portscan.log empty John Sage (Dec 15)