Snort mailing list archives
Re: snort 186 does not detect/log any portscans
From: counter.spy () gmx de
Date: Thu, 25 Apr 2002 18:04:59 +0200 (MEST)
Joe, thanks for the idea, I tried and added a comma, but it still didn't work. :(

Any other ideas? Maybe I will have to make a distclean, recompile and see if it's still missing scans, but I still suppose it's some stupid error of mine.

Cheers,
D. Liesen

Joe McAlerney wrote:

You are missing a comma after detect_scans for the stream4 preprocessor. I don't see how that would affect the portscan preprocessor, but it's a place to start.

Cheers,
-Joe M.

--
Joe McAlerney
Silicon Defense: IDS Solutions

counter.spy () gmx de wrote:

Hello,

having installed snort 1.8.6 on a SuSE Linux box with mysql support I have found that it doesn't detect/log portscans as it had before with 1.8.4, same setup (okay, the only difference is: I am now using a Linux box for the database with ACID, as well ;).

I config:

    preprocessor stream4: detect_scans detect_state_problems
    preprocessor stream4_reassemble: ports all
    preprocessor portscan: 0.0.0.0/0 6 3 /var/log/snort/portscan.log

command line:

    snort -c path_to_configfile -i eth1

Everything else seems to work fine. Anyone else having this problem? Have I missed any changes from 1.8.4? I guess it's just one of those stupid things that's poking my nose and giggling: "Hello, I am the little obvious_user_error, don't you see me?" and I just don't see it. ;)

Thanks for any help!

Greetings,
D. Liesen

--
GMX - The communication platform on the Internet. http://www.gmx.net
Current thread:
- snort 186 does not detect/log any portscans counter . spy (Apr 24)
- <Possible follow-ups>
- Re: snort 186 does not detect/log any portscans counter . spy (Apr 25)