Snort mailing list archives

RE: portscan.log empty despite nmap scan?


From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 21 Jun 2002 07:19:50 -0600

Have you checked your snort.conf file to verify that the line for the
preprocessor portscan is not commented out?

-----Original Message-----
From: systemic () speakeasy net [mailto:systemic () speakeasy net]
Sent: Thursday, June 20, 2002 8:20 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] portscan.log empty despite nmap scan?


Hello,
I successfully installed snort-1.8.3 on an OpenBSD 3.1 firewall today. I've
been nmapping its NIC facing the internet from another workstation on my
internal network to see if I get a log of the event.
/var/log/snort/portscan.log and alert are there but empty. In
/etc/snort.conf I've specified my NIC facing the internet as:
var HOME_NET [12.228.128.74]
external network addresses as:
var EXTERNAL_NET any

I've tried running snort the following ways and then running my scan:
/usr/local/bin/snort &
/usr/local/bin/snort -A full &
/usr/local/bin/snort -A full -c /etc/snort.conf -l /var/log/snort &
/usr/local/bin/snort -A full -c /etc/snort.conf -s -l /var/log/snort &

Anyone know why this isn't working the way I want it to?

I'd appreciate any advice :)


-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
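
The check suggested in the reply above, as an added shell example that is not part of the original thread: it reports whether the `preprocessor portscan` line in a snort.conf is active, commented out or absent, and whether a `$VARIABLE` it monitors is defined with `var`. The function name `portscan_status`, the sample addresses and the portscan arguments (`4 3 portscan.log`) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report the state of the portscan
# preprocessor in a snort.conf. Prints one of:
#   enabled | commented | missing | undefined-var:<NAME>
portscan_status() {
    conf=$1
    # Active directive; "portscan-ignorehosts:" is a different preprocessor
    # and must not count, so require the colon right after "portscan".
    active=$(grep -E '^[[:space:]]*preprocessor[[:space:]]+portscan[[:space:]]*:' "$conf" | head -n 1)
    if [ -z "$active" ]; then
        # The same directive hidden behind a leading '#'
        if grep -Eq '^[[:space:]]*#+[[:space:]]*preprocessor[[:space:]]+portscan[[:space:]]*:' "$conf"; then
            echo commented
        else
            echo missing
        fi
        return 1
    fi
    # First argument is the monitored network; a $VARIABLE needs a "var" line.
    net=$(printf '%s\n' "$active" | sed -E 's/^[^:]*:[[:space:]]*([^[:space:]]+).*/\1/')
    case $net in
        \$*)
            name=${net#\$}
            if ! grep -Eq "^[[:space:]]*var[[:space:]]+${name}[[:space:]]" "$conf"; then
                echo "undefined-var:${name}"
                return 1
            fi
            ;;
    esac
    echo enabled
}

# Constructed sample config: the directive is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
var HOME_NET [192.0.2.10]
var EXTERNAL_NET any
# preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $HOME_NET
EOF
portscan_status "$sample" || true
rm -f "$sample"
```

Run it as `portscan_status /etc/snort.conf`; anything other than `enabled` means no portscan preprocessor is loaded from that file.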

