Re: Snort-2.1.3 Portscan


From: "Scott Elgram" <SElgram () verifpoint com>
Date: Mon, 16 Aug 2004 11:20:23 -0700

Steven,
    It's set to log
-------------------------------------------------------
output database: log, mysql, user=<DB User> password=<Password> dbname=snort
host=localhost encoding=hex detail=Full
-------------------------------------------------------
If I change this to alert will I still be logging everything in MySQL?  Or
is there another way around this to log in a DB and include portscan
messages?

Thanks,
-Scott

----- Original Message ----- 
From: "Steven Bairstow" <sab139 () psu edu>
To: "Scott Elgram" <SElgram () verifpoint com>
Sent: Monday, August 16, 2004 11:00 AM
Subject: Re: [Snort-users] Snort-2.1.3 Portscan


In the "output database" configuration line, do you have it set to alert
or log?  Log won't include portscan messages.


Hello,
   I am trying to configure a SNORT 2.1.3 system with MySQL and Acid.  I
have it all up and running just fine right now except for one thing.  I
can't seem to get anything to register in the port scan traffic section of
Acid.  I have looked through my snort.conf for anything and found the
flow-portscan preprocessor.  I uncommented it and configured it as
follows:
--------------------------------------------------------
preprocessor flow-portscan: \
unique-memcap 5000000 \
unique-rows 50000 \
server-watchnet [192.168.0.0/24] \
server-learning-time 300 \
server-scanner-limit 50 \
alert-mode once \
output-mode msg \
tcp-penalties on
--------------------------------------------------------

   Even with this configuration I still can't seem to get anything to
register in that particular section.  I am using SuperScan and scanning
various IPs on the network SNORT is watching.  Have I configured this
wrong maybe?

Thanks,
-Scott


-- 


Steven Bairstow
Computer and Network Services - Abington College - Penn State University
http://www.personal.psu.edu/~sab139              PGP Key ID = 0x0C81E13C


"No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced."
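The thread turns on two things a reader can check mechanically in a snort.conf: whether the database output plugin sits on the "log" facility (which, as Steven says above, won't include portscan messages) and whether a portscan preprocessor block is actually enabled. The following linter is an added example written for this archive page; it is not code from Snort, ACID, or either poster. It handles backslash-continued lines the way the flow-portscan block above is written, and the sample configuration embedded at the bottom is constructed with placeholder credentials. One check goes beyond the thread and is an assumption on my part: that flow-portscan depends on the separate `flow` preprocessor being configured, which is how I recall the Snort 2.1 manual describing it.

```python
"""Check a Snort 2.x snort.conf for the portscan-to-database problem in this
thread: a database output plugin on the 'log' facility and a flow-portscan
block. Added example written for this page; it is not Snort or ACID code."""
import re
from typing import Dict, List, Set


def join_continuations(text: str) -> List[str]:
    """Join backslash-continued lines and drop blank lines and '#' comments."""
    lines: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        stripped = " ".join(buf.split())
        buf = ""
        if stripped and not stripped.startswith("#"):
            lines.append(stripped)
    return lines


def parse_output_database(line: str) -> Dict[str, str]:
    """'output database: log, mysql, user=u ... dbname=snort' ->
    {'facility': 'log', 'plugin': 'mysql', 'user': 'u', ..., 'dbname': 'snort'}"""
    body = line.split(":", 1)[1]
    facility, plugin, rest = (body.split(",", 2) + ["", ""])[:3]
    params = dict(re.findall(r"(\w+)=(\S+)", rest))
    return {"facility": facility.strip(), "plugin": plugin.strip(), **params}


def preprocessor_names(lines: List[str]) -> Set[str]:
    """Collect names from 'preprocessor <name>[: args]' lines."""
    names: Set[str] = set()
    for line in lines:
        if line.startswith("preprocessor "):
            names.add(line.split(None, 2)[1].rstrip(":"))
    return names


def to_alert_facility(line: str) -> str:
    """Rewrite 'output database: log, ...' so the plugin uses the alert facility."""
    return re.sub(r"^(output database:\s*)log\b", r"\1alert", line)


def lint(text: str) -> List[str]:
    """Return human-readable findings for the configuration text."""
    findings: List[str] = []
    lines = join_continuations(text)
    dbs = [l for l in lines if l.startswith("output database:")]
    if not dbs:
        findings.append("no 'output database' line: nothing is written to the database")
    for line in dbs:
        db = parse_output_database(line)
        if db["facility"] == "log":
            findings.append(
                f"database plugin '{db['plugin']}' is on the log facility; "
                "portscan messages are not logged there (per the thread). "
                f"Suggested: {to_alert_facility(line)}")
    names = preprocessor_names(lines)
    if not any("portscan" in n for n in names):
        findings.append("no portscan preprocessor is enabled")
    # Assumption (my recollection of the Snort 2.1 manual, not stated in the
    # thread): flow-portscan relies on 'preprocessor flow' being configured too.
    if "flow-portscan" in names and "flow" not in names:
        findings.append("flow-portscan is enabled but 'preprocessor flow' is not")
    return findings


# Constructed snort.conf fragment mirroring the thread (placeholder credentials).
SAMPLE_CONF = """\
# preprocessor flow: stats_interval 0 hash 2
preprocessor flow-portscan: \\
    unique-memcap 5000000 \\
    unique-rows 50000 \\
    server-watchnet [192.168.0.0/24] \\
    server-learning-time 300 \\
    server-scanner-limit 50 \\
    alert-mode once \\
    output-mode msg \\
    tcp-penalties on
output database: log, mysql, user=DBUSER password=PASSWORD dbname=snort host=localhost encoding=hex detail=Full
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print("-", finding)
```

Run against the constructed fragment it reports the "log" facility on the mysql plugin (with the rewritten "alert" line as the suggestion) and the commented-out flow preprocessor; uncommenting that line and switching the facility to alert produces no findings.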
