Snort mailing list archives

Re: snort 186 does not detect/log any portscans


From: counter.spy () gmx de
Date: Thu, 25 Apr 2002 18:04:59 +0200 (MEST)

Joe,
thanks for the idea, I tried and added a comma, but it still didn't work. :(

Any other ideas?
Maybe I will have to make a distclean, recompile and see if it's still
missing scans, but I still suppose it's some stupid error of mine.

Cheers, 
D. Liesen

Joe McAlerney wrote:
You are missing a comma after detect_scans for the stream4
preprocessor.  I don't see how that would affect the portscan
preprocessor, but it's a place to start.

Cheers,

-Joe M.

-- 
Joe McAlerney
Silicon Defense: IDS Solutions

counter.spy () gmx de wrote:

Hello,

having installed snort 1.8.6 on a SuSE Linux box with mysql support I have
found that it doesn't detect/log portscans as it had before with 1.8.4, same
setup (okay, the only difference is: I am now using a Linux box for the
database with ACID, as well ;).
I

config:
preprocessor stream4: detect_scans detect_state_problems
preprocessor stream4_reassemble: ports all
preprocessor portscan: 0.0.0.0/0 6 3 /var/log/snort/portscan.log

command line:
snort -c path_to_configfile -i eth1

Everything else seems to work fine.
Anyone else having this problem?
Have I missed any changes from 1.8.4?

I guess it's just one of those stupid things that's poking my nose and
giggling:
"Hello, I am the little obvious_user_error, don't you see me?" and I just
don't see it. ;)

Thanks for any help!
Greetings,
D. Liesen

--
GMX - The communication platform on the Internet.
http://www.gmx.net

