Snort mailing list archives

Re: snort "portscan.log" file empty?


From: "Jason A. Haynes" <jahaynes () erols com>
Date: Tue, 14 Aug 2001 18:22:17 -0400 (EDT)


portscan.log logs port scans.  alert.log logs, well, alerts.  You should
have both perl clients, one for each logfile format.  If you're missing
it, the alert one is here:
http://www.dshield.org/clients/dshield_snort.pl

BTW, thanks for the link; I'll start sending them my home logs as soon as
I script up a sort of whitelist for my job & other IPs I test from.

Jason

On Tue, 14 Aug 2001, Matt Harrell wrote:

I'm a relatively new user of Snort.  I'm running Snort version 1.8p1-0
(RPM) on Red Hat Linux 7.1.  I've noticed that the
/var/log/snort/portscan.log file rarely gets stuff logged to it, even
though I see a lot of activity logged by Snort in the "auth" log (and
"syslog") and for individual IP numbers in /var/log/snort for Code Red.
Shouldn't more be getting logged in portscan.log? 
 
The main reason I'm asking is that I recently became a member of DShield
(http://www.dshield.org), and I'm trying to send in my Snort
portscan.log file every day for the project using the Perl script I got
from the DShield web site for Snort (specifically for portscan.log).  It
seems only partially useful if many attacks that Snort detects are not
logged to portscan.log.
 
Thank you.
 
Matt Harrell
Plexus Systems
mhar () plex-sys com

