[Snort-users] Denmarc/Snort and portscans

Chris Grout cgrout at ...3649...
Thu Oct 25 20:11:01 EDT 2001


With that line (the default), I believe the portscan.log file actually
will be written to your root.  At least it did so on my OpenBSD 2.9 box.
And the portscan preprocessor does not get written to the MySQL database,
and therefore Demarc does not "see" those entries.  If I'm wrong, please
let me know!

Chris

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Lists
Sent: Thursday, October 25, 2001 6:10 PM
To: DEMARC-Users at ...2629...
Cc: snort-users at lists.sourceforge.net; Gisler, Johnny
Subject: [Snort-users] Denmarc/Snort and portscans


Greetings,

I am lighting off a portscan on my home_net and nothing is popping up on
Demarc or getting logged to /var/log/snort/portscan.log

The machine I am launching the scan from is on my home_net subnet.  I
notice in the snort.conf portscan preprocessor:

preprocessor portscan: $HOME_NET 4 3 portscan.log

I have tried changing the value to: "any" (no quotes) with no luck.

Anybody have any thoughts?

TIA

Ben



