Snort mailing list archives
@snort.log empty files
From: anagha b <banagha3 () gmail com>
Date: Thu, 31 Oct 2013 17:04:25 +0530
Hi All,

I am facing the problem of empty files (the snort.log files are empty) while detecting a portscan. I tried the following:

1] I added the following rule to the local.rules file:

alert icmp any any -> any any (msg:"ICMP test"; classtype:bad-unknown; sid:10000016; rev:1;)

Then snort.log is not empty. Barnyard is also giving a bad ICMP traffic alert if I ping the snort machine from another machine.

2] I want to detect a portscan using sfportscan. I set sfportscan in the config file as:

preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }

I tried to perform an nmap decoy scan from another machine on the snort machine, and then again snort.log is empty. [I removed the rule from local.rules when I tried the portscan.]

How can I see the portscan detection using snort.log if the file is empty? Help needed.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
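For reference, the snort.conf pieces that sfportscan needs before its events show up in the unified2 output that barnyard2 reads. This is an added example, not configuration from the post above; the log path is an assumption, and the gid 122 rule line is quoted in the form the shipped preprocessor.rules uses.

```conf
# snort.conf excerpt (added example, not from the original post)

# sfportscan with its documented options. sense_level { low } only alerts on
# error responses (e.g. RSTs from closed ports) seen inside a 60-second window,
# so a slow or filtered scan can produce nothing at that level.
# The logfile path is an assumption; it must be writable by the snort user.
preprocessor sfportscan: proto { all } \
                         scan_type { all } \
                         sense_level { medium } \
                         logfile { /var/log/snort/portscan.log } \
                         memcap { 10000000 }

# sfportscan events are preprocessor events with generator ID 122. Snort only
# turns them into alerts when the matching preprocessor rules are enabled,
# either by including the shipped preprocessor.rules ...
include $PREPROC_RULE_PATH/preprocessor.rules

# ... or by letting Snort generate them itself:
# config autogenerate_preprocessor_decoder_rules

# The entries in preprocessor.rules look like this (shown here for reference):
# alert ( msg: "PSNG_TCP_PORTSCAN"; sid: 1; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )

# unified2 output, which is what barnyard2 consumes
output unified2: filename snort.log, limit 128
```

A quick way to tell the two failure modes apart: if portscan.log (the sfportscan logfile option above) fills up while snort.log stays empty, the preprocessor is detecting the scan but the gid 122 rules are not enabled; if portscan.log is also empty, the scan is not crossing the threshold for the configured sense_level, and raising it or using a noisier scan (more ports, faster timing) is the next thing to try.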