Snort mailing list archives

RE: ACID not reporting Portscan Traffic...sort of...

From: "Tobias Rice" <rice () up edu>
Date: Thu, 27 Mar 2003 08:49:50 -0800

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nope, never did.
This never worked on my linux systems, but did on my windows systems.
After I upgraded to 1.9.1 they stopped too. I'm going to try 2x and
see if it has any effect.



- -----Original Message-----
From: mike Hughes [mailto:mikehughes013 () hotmail com] 
Sent: Wednesday, March 26, 2003 4:03 PM
To: rice () up edu; snort-users () lists sourceforge net
Subject: Re: [Snort-users] ACID not reporting Portscan Traffic...sort
of...

Hey whats up!

Did you find a solution for this problem cause i go the exact same
problem!

From: "Tobias Rice" <rice () up edu>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] ACID not reporting Portscan Traffic...sort
of... Date: Mon, 24 Mar 2003 16:33:16 -0800
MIME-Version: 1.0
Received: from mc10-f34.bay6.hotmail.com ([65.54.166.170]) by 
mc10-s1.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon,
24 Mar  2003 16:35:59 -0800
Received: from sc8-sf-list2.sourceforge.net ([66.35.250.206]) by 
mc10-f34.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Mon, 24  Mar 2003 16:35:59 -0800
Received: from sc8-sf-list1-b.sourceforge.net ([10.3.1.13] 
helo=sc8-sf-list1.sourceforge.net)by sc8-sf-list2.sourceforge.net
with  esmtp (Exim 3.31-VA-mm2 #1 (Debian))id 18xcOP-0000dD-00; Mon,
24 Mar 2003  16:34:17 -0800
Received: from lhotse.up.edu ([64.251.254.9])by 
sc8-sf-list1.sourceforge.net with esmtp (Cipher
TLSv1:DES-CBC3-SHA:168)  (Exim 3.31-VA-mm2 #1 (Debian))id
18xcNa-0000UG-00for 
<snort-users () lists sourceforge net>; Mon, 24 Mar 2003 16:33:27 -0800
Received: from P09809 (64-251-250-241.up.edu [64.251.250.241])by 
lhotse.up.edu (8.12.8/8.12.8) with ESMTP id h2P0Xen3021614for 
<snort-users () lists sourceforge net>; Mon, 24 Mar 2003 16:33:40 -0800
X-Message-Info: wCrlMA1YA+jz0bnTWff2CC2u6sdadwmq
Message-ID: <003401c2f266$2083f4e0$f1fafb40 () campus up edu>
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: snort-users-admin () lists sourceforge net
Errors-To: snort-users-admin () lists sourceforge net
X-BeenThere: snort-users () lists sourceforge net
X-Mailman-Version: 2.0.9-sf.net
Precedence: bulk
List-Help:
<mailto:snort-users-request () lists sourceforge net?subject=help>
List-Post: <mailto:snort-users () lists sourceforge net>
List-Subscribe: 
<https://lists.sourceforge.net/lists/listinfo/snort-users>,<mailto:sn
ort-users-request () lists sourceforge net?subject=subscribe> List-Id:
Snort users talk about... Snort! 
<snort-users.lists.sourceforge.net>
List-Unsubscribe: 
<https://lists.sourceforge.net/lists/listinfo/snort-users>,<mailto:sn
ort-users-request () lists sourceforge net?subject=unsubscribe>
List-Archive: 
<http://sourceforge.net/mailarchive/forum.php?forum=snort-users>
X-Original-Date: Mon, 24 Mar 2003 16:33:16 -0800
Return-Path: snort-users-admin () lists sourceforge net
X-OriginalArrivalTime: 25 Mar 2003 00:35:59.0109 (UTC) 
FILETIME=[81626350:01C2F266]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello again!
I'm using ACID 9.6b23 and all is working just fine, with the exception of 
the "Portscan Traffic" portion of the "Traffic Profile by Protocol" on the 
home page. It just reads 0%. When I click on the 0% it shows me all of the 
portscan2 traffic just fine. I have the path in the acid_conf.php pointing 
to the name-of-the.log file and the permissions seem right for the file, 
but no dice.
Any suggestions?
Many thanks in advance.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPn+jzMNinOuDXR1bEQKOkQCcDqHJb+SoEbGscOwIyNOnxnojKzYAnRIK
NNc7fZccN6Sskt983RtPbJxu
=vsuE
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.  
http://join.msn.com/?page=features/junkmail

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPoMrrsNinOuDXR1bEQIqswCfdwtQ8tAo9h8EWF5LJEaG05J9mLIAoKuG
SIWxsFxZ+rI4+IOYmBIwy8bF
=FW54
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ACID not reporting Portscan Traffic...sort of... Tobias Rice (Mar 24)
- <Possible follow-ups>
- Re: ACID not reporting Portscan Traffic...sort of... mike Hughes (Mar 26)
  - RE: ACID not reporting Portscan Traffic...sort of... Tobias Rice (Mar 27)