Snort mailing list archives

No portscan alerts shown in acid.


From: "Peters, Michael D." <Michael.Peters () acbl net>
Date: Fri, 17 Oct 2003 09:20:43 -0400

I have made the following changes to the snort.conf file in an attempt to
show portscan information in acid. I just don't see anything shown on the
acid_main.php page. I do see the information being logged but nothing is
being shown as a "Latest Greatest Alert".

# Snort preprocessors
preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts, keepstats
preprocessor stream4_reassemble: both
preprocessor http_decode: 80 8080 18080 443 1812 3852 12345 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor portscan: $FWO_NET 5 3 /var/snort/portscan/fwo/fwo-portscan.log
preprocessor portscan-ignorehosts:  68.16.185.133/32 68.16.185.134/32
#preprocessor arpspoof
#preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
#preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 3000
#preprocessor portscan2: scanners_max 256, targets_max 1024, target_limit 5, port_limit 20, timeout 60
#preprocessor portscan2-ignorehosts: 172.16.0.0/12
# preprocessor perfmonitor: console flow events time 10
# output log_tcpdump: tcpdump.log
output database: log, mysql, user=name password=password dbname=snort host=localhost sensor_name=FWO

I have looked in the mailing archives. Can anyone assist me in finding out
what I am doing wrong?

Best regards,

Michael D. Peters 


