Snort mailing list archives

RE: Denmarc/Snort and portscans


From: "Chris Grout" <cgrout () s4r com>
Date: Thu, 25 Oct 2001 20:10:16 -0700

With that line (the default), I believe the portscan.log file actually
will be written to your root.  At least it did so on my OpenBSD 2.9 box.
And the portscan preprossor does not get written to the MySQL database,
and therefore Demarc does not "see" those entries.  If I'm wrong, please
let me know!

Chris

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Lists
Sent: Thursday, October 25, 2001 6:10 PM
To: DEMARC-Users () demarc org
Cc: snort-users () lists sourceforge net; Gisler, Johnny
Subject: [Snort-users] Denmarc/Snort and portscans


Greetings,

I am lighting off a portscan on my home_net and nothing is popping up on
Demarc or getting logged to /var/log/snort/portscan.log

The machine I am launching the scan from is on my home_net subnet.  I
notice in the snort.conf portscan preprocessor:

preprocessor portscan: $HOME_NET 4 3 portscan.log

I have tried changing the value to: "any" (no quotes) with no luck.

Anybody have any thoughts?

TIA

Ben




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


Current thread: