Snort mailing list archives
Re: Port Scan traffic not showing
From: Dustin Decker <dustind () moon-lite com>
Date: Mon, 6 Jan 2003 22:30:54 -0600 (CST)
On Mon, 6 Jan 2003 linuxnews () wormfishin com wrote:
I recently installed Snort and I'm using the Acid console for output, I can't seem to get logs though for port scan traffic, I've done multiple port scans on the network but nothing is showing up. I made sure that the port scan rules were not commented out, I'm wondering if it's because we have a token ring network? Does anyone have any ideas?
From: http://www.snort.org/docs/faq.html#6.16

"Q: Portscans are not being logged to my database

A: You need to change the output facility to 'alert' rather than 'log'. The portscan preprocessor calls output plugins registered as 'alert' plugins rather than 'log'.

    output database: alert, mysql, user=snort dbname=snort host=localhost"

Hope this helps,
D.

--
Dustin Decker
dustind () moon-lite com
http://www.dustindecker.com
Moon-Lite Computing
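The FAQ point quoted in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of Snort itself: a small checker that reads snort.conf text and reports when the portscan preprocessor is enabled but no database output is registered with the 'alert' facility. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample snort.conf fragment (not taken from the original post).
SAMPLE_CONF = """\
# preprocessor portscan: $HOME_NET 4 3 old.log
preprocessor portscan: $HOME_NET 4 3 portscan.log
output database: log, mysql, user=snort dbname=snort host=localhost
"""

PORTSCAN_RE = re.compile(r"^preprocessor\s+portscan\s*:", re.I)
DB_OUTPUT_RE = re.compile(r"^output\s+database\s*:\s*(\w+)", re.I)


def active_lines(conf_text):
    """Yield (line_number, text) for lines that are neither blank nor commented out."""
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield number, line


def check_portscan_db_logging(conf_text):
    """Return a list of findings; an empty list means portscan alerts can reach the database."""
    portscan_on = False
    db_outputs = []  # (line_number, facility) for each active database output
    for number, line in active_lines(conf_text):
        if PORTSCAN_RE.match(line):
            portscan_on = True
        match = DB_OUTPUT_RE.match(line)
        if match:
            db_outputs.append((number, match.group(1).lower()))

    if not portscan_on:
        return ["portscan preprocessor is not enabled"]
    if not db_outputs:
        return ["no 'output database' line is active"]
    # One database output registered as 'alert' is enough for portscan events.
    if any(facility == "alert" for _, facility in db_outputs):
        return []
    return [
        f"line {number}: database output uses facility '{facility}'; "
        "the portscan preprocessor only calls 'alert' plugins"
        for number, facility in db_outputs
    ]


if __name__ == "__main__":
    for finding in check_portscan_db_logging(SAMPLE_CONF):
        print(finding)
```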