Snort mailing list archives

Re: flow-portscan data


From: "Matthew L. McCarty" <matthew () rareearthstrategies com>
Date: Mon, 22 Dec 2003 14:07:02 -0600

O.k. I have read that part of the manual but I never tried the pktkludge 
option cause I thought the msg (default) should work fine.  It doesn't for my 
purposes. pktkludge is what I needed and makes sense now.

Thanks.


On Monday 22 December 2003 11:59, you wrote:
At 12:38 PM 12/22/2003, Matthew L. McCarty wrote:
Could someone please tell me where this data is logged to or stored?

I asked this question once already but got no response -- so I reread the
documentation and still can't find anything....WTD?  Why isn't it in the
documentation and if it is -- where?

From RTing the FM, it appears that flow-portscan uses the standard alert
or log mechanism.. thus the answer to "where it gets stored" is "where
everything else gets stored".

From README.flow-portscan:


output-mode                  <msg|pktkludge>

   msg       - a variable text message with the scores included
   pktkludge - generate a fake pkt and use the Logging output system


Certainly from that it's VERY clear output-mode pktkludge uses the standard
logging system.. thus it will output to the same place as any rule that
uses the log keyword.

I'd assume that msg uses either log or alert, but without a packet.

-- 
Matthew L. McCarty
Rare Earth Strategies Group Inc.
www.rareearthstrategies.com
(405)209-9598

Bringing IT solutions to your business through innovative strategies.


