Re: flow-portscan data

[Matt Kettler <mkettler () evi-inc com>]

At 12:38 PM 12/22/2003, Matthew L. McCarty wrote:
> Could someone please tell me where this data is logged to or stored?
>
> I aksed this question once already but got no response -- so I reread the
> documentation and still can't find anything....WTD?  Why isn't it in the
> documentation and if it is -- where?

From RTing the FM, it appears that flow-portscan uses the standard alert 
or log mechanism.. thus the answer to "where it gets stored" is "where 
everything else gets stored".

From README.flow-portscan:


output-mode                  <msg|pktkludge>

  msg       - a variable text message with the scores included
  pktkludge - generate a fake pkt and use the Logging output system


certainly from that it's VERY clear output-mode pktkludge uses the standard 
logging system.. thus it will output to the same place as any rule that 
uses the log keyword.

I'd assume that msg uses either log or alert, but without a packet.



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users