Snort mailing list archives
RE: preprocessor portscan2-ignorehosts + "WEBTRAFFIC"
From: "mike Hughes" <mikehughes013 () hotmail com>
Date: Fri, 14 Mar 2003 17:18:22 -0800
What's up Jose... actually I am logging portscans to the database and I got ACID to ALERT me by changing this line:
output database: log, mysql, user=snort password=011101 dbname=snort host=127.0.0.1
TO:
output database: alert, mysql, user=snort password=snort dbname=snort host=127.0.0.1
Let me know if you have any problems... MIKE

From: "Jose Ramon Hernandez Macias" <jhernandez () alestra com mx>
To: "mike Hughes" <mikehughes013 () hotmail com>
Subject: RE: [Snort-users] preprocessor portscan2-ignorehosts + "WEBTRAFFIC"
Date: Fri, 14 Mar 2003 17:41:47 -0600

Hi Mike,
By the way, how did you get ACID working with portscan2 preprocessor? You're not logging to a database, are you?
Jose

"Rapidity is the essence of war: take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots." -- Sun Tzu

"mike Hughes" <mikehughes013 () hotmail com>
Sent by: snort-users-admin () lists sourceforge net
14/03/2003 16:47
To: snort-users () lists sourceforge net
cc:
Subject: RE: [Snort-users] preprocessor portscan2-ignorehosts + "WEBTRAFFIC"

Hey Guys! I tried both ways and 1 works:
THIS ONE WORKS *For anyone else who has this problem too*
preprocessor portscan2-ignorehosts: $DNS_SERVERS $eth0_ADDRESS
The other one brings back this error:
FATAL ERROR: ERROR /etc/snort/snort.conf (398) => Rule IP addr (192.168.0.1,192.173.0.0) didn't x-late, WTF?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
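
The list syntax discussed in this thread, as an added example that is not part of the original messages: a small Python check that expands `var` definitions in a snort.conf text and flags portscan2-ignorehosts entries that are comma-joined, undefined, or not an IPv4 address/CIDR. The sample config and the names BAD_PAIR and MISSING are constructed; treating every entry as a plain IP or CIDR is an assumption based on the working line quoted above.

```python
import ipaddress
import re

# Constructed snort.conf fragment; BAD_PAIR and MISSING are hypothetical names.
SAMPLE_CONF = """\
var DNS_SERVERS 192.168.0.1
var eth0_ADDRESS 192.168.0.10/32
var BAD_PAIR 192.168.0.1,192.173.0.0
preprocessor portscan2-ignorehosts: $DNS_SERVERS $eth0_ADDRESS
preprocessor portscan2-ignorehosts: $BAD_PAIR
preprocessor portscan2-ignorehosts: $MISSING 10.0.0.0/8
"""

VAR_RE = re.compile(r"^var\s+(\S+)\s+(.+)$")
IGNORE_RE = re.compile(r"^preprocessor\s+portscan2-ignorehosts:\s*(.*)$")


def lint(conf_text):
    """Return (line_number, message) findings for ignorehosts lines."""
    variables, findings = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if m := VAR_RE.match(line):
            variables[m.group(1)] = m.group(2).strip()
            continue
        m = IGNORE_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            value = token
            if token.startswith("$"):  # expand a $NAME reference
                if token[1:] not in variables:
                    findings.append((lineno, f"{token}: undefined variable"))
                    continue
                value = variables[token[1:]]
            for entry in value.split():
                if "," in entry:  # the form that failed to translate in the thread
                    findings.append((lineno, f"{token}: comma-joined '{entry}', use spaces"))
                    continue
                try:
                    ipaddress.ip_network(entry, strict=False)
                except ValueError:
                    findings.append((lineno, f"{token}: '{entry}' is not an IP or CIDR"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```
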
Current thread:
- preprocessor portscan2-ignorehosts + "WEBTRAFFIC" mike Hughes (Mar 14)
- RE: preprocessor portscan2-ignorehosts + "WEBTRAFFIC" Ray Ellington (Mar 14)
- <Possible follow-ups>
- RE: preprocessor portscan2-ignorehosts + "WEBTRAFFIC" mike Hughes (Mar 14)
- RE: preprocessor portscan2-ignorehosts + "WEBTRAFFIC" Erek Adams (Mar 15)
- RE: preprocessor portscan2-ignorehosts + "WEBTRAFFIC" mike Hughes (Mar 14)