Snort mailing list archives
RE: portscan.log empty despite nmap scan?
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 21 Jun 2002 07:19:50 -0600
have you checked your snort.conf file to verify that the line for the preprocessor portscan is not commented out ? -----Original Message----- From: systemic () speakeasy net [mailto:systemic () speakeasy net] Sent: Thursday, June 20, 2002 8:20 PM To: snort-users () lists sourceforge net Subject: [Snort-users] portscan.log empty despite nmap scan? Hello, I succesfully installed snort-1.8.3 on an OpenBSD 3.1 firewall today. I've been nmapping it's NIC facing the internet from another workstation on my internal network to see if I get a log of the event. /var/log/snort/portscan.log and alert are there but empty. In /etc/snort.conf I've specified my NIC facing the internet as: var HOME_NET [12.228.128.74] external network addresses as: var EXTERNAL_NET any I've tried running snort the following ways and then running my scan: /usr/local/bin/snort & /usr/local/bin/snort -A full & /usr/local/bin/snort -A full -c /etc/snort.conf -l /var/log/snort & /usr/local/bin/snort -A full -c /etc/snort.conf -s -l /var/log/snort & Anyone know this isn't working the way I want it to? I'd appreciate any advice :) ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- portscan.log empty despite nmap scan? systemic (Jun 20)
- <Possible follow-ups>
- RE: portscan.log empty despite nmap scan? Slighter, Tim (Jun 21)