Snort mailing list archives
No portscan alerts shown in acid.
From: "Peters, Michael D." <Michael.Peters () acbl net>
Date: Fri, 17 Oct 2003 09:20:43 -0400

I have made the following changes to the snort.conf file in an attempt to show portscan information in acid. I just don't see anything shown on the acid_main.php page. I do see the information being logged but nothing is being shown as a "Latest Greatest Alert".

# Snort preprocessors
preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts, keepstats
preprocessor stream4_reassemble: both
preprocessor http_decode: 80 8080 18080 443 1812 3852 12345 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor portscan: $FWO_NET 5 3 /var/snort/portscan/fwo/fwo-portscan.log
preprocessor portscan-ignorehosts: 68.16.185.133/32 68.16.185.134/32
#preprocessor arpspoof
#preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
#preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 3000
#preprocessor portscan2: scanners_max 256, targets_max 1024, target_limit 5, port_limit 20, timeout 60
#preprocessor portscan2-ignorehosts: 172.16.0.0/12
# preprocessor perfmonitor: console flow events time 10
# output log_tcpdump: tcpdump.log
output database: log, mysql, user=name password=password dbname=snort host=localhost sensor_name=FWO

I have looked in the mailing archives. Can anyone assist me in finding out what I am doing wrong?

Best regards,
Michael D. Peters
Current thread:
- No portscan alerts shown in acid. Peters, Michael D. (Oct 17)
- <Possible follow-ups>
- Re: No portscan alerts shown in acid. John Creegan (Oct 18)