Snort mailing list archives

Difference Portscan format under 2.1.0 to 2.0.5


From: Stephen Meatheringham <sme () heracles itsc adfa edu au>
Date: Mon, 16 Feb 2004 15:01:30 +1100 (EST)

Hi
  I've recently upgraded my snort from 2.0.5 to 2.1.0.  I note that the portscan 
section is now very different.  Indeed I don't seem to get a portscan log file 
any longer and see entries such as these in my alert log file:
[**] [121:4:1] Portscan detected from 203.26.51.50 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]
[**] [121:4:1] Portscan detected from 130.241.27.5 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]
[**] [121:4:1] Portscan detected from 61.88.251.10 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]

  If possible, I'd like to get similar output to the older version, which, when
processed with snortsnarf, shows me the IP addresses scanned and the port(s)
scanned on.
  
  I can't seem to work out how to achieve this.
  
  Thanks in advance for any advice.
  
Stephen Meatheringham
   Senior Network Engineer, IT Services
   Australian Defence Force Academy
   email: s.meatheringham () adfa edu au  
   Phone: +61 2 6268 8142     Fax: +61 2 6268 8150


