Snort mailing list archives
RE: Denmarc/Snort and portscans
From: "Chris Grout" <cgrout () s4r com>
Date: Thu, 25 Oct 2001 20:10:16 -0700
With that line (the default), I believe the portscan.log file actually will be written to your root. At least it did so on my OpenBSD 2.9 box. And the portscan preprossor does not get written to the MySQL database, and therefore Demarc does not "see" those entries. If I'm wrong, please let me know! Chris -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Lists Sent: Thursday, October 25, 2001 6:10 PM To: DEMARC-Users () demarc org Cc: snort-users () lists sourceforge net; Gisler, Johnny Subject: [Snort-users] Denmarc/Snort and portscans Greetings, I am lighting off a portscan on my home_net and nothing is popping up on Demarc or getting logged to /var/log/snort/portscan.log The machine I am launching the scan from is on my home_net subnet. I notice in the snort.conf portscan preprocessor: preprocessor portscan: $HOME_NET 4 3 portscan.log I have tried changing the value to: "any" (no quotes) with no luck. Anybody have any thoughts? TIA Ben _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Denmarc/Snort and portscans Lists (Oct 25)
- RE: Denmarc/Snort and portscans Chris Grout (Oct 25)
- Re: Denmarc/Snort and portscans Michael Sullenszino (Oct 25)
- RE: Denmarc/Snort and portscans Chris Grout (Oct 25)