[Snort-users] Denmarc/Snort and portscans

Chris Grout cgrout at ...3649...
Thu Oct 25 20:11:01 EDT 2001

With that line (the default), I believe the portscan.log file actually
will be written to your root.  At least it did so on my OpenBSD 2.9 box.
And the portscan preprossor does not get written to the MySQL database,
and therefore Demarc does not "see" those entries.  If I'm wrong, please
let me know!


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Lists
Sent: Thursday, October 25, 2001 6:10 PM
To: DEMARC-Users at ...2629...
Cc: snort-users at lists.sourceforge.net; Gisler, Johnny
Subject: [Snort-users] Denmarc/Snort and portscans


I am lighting off a portscan on my home_net and nothing is popping up on
Demarc or getting logged to /var/log/snort/portscan.log

The machine I am launching the scan from is on my home_net subnet.  I
notice in the snort.conf portscan preprocessor:

preprocessor portscan: $HOME_NET 4 3 portscan.log

I have tried changing the value to: "any" (no quotes) with no luck.

Anybody have any thoughts?



Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list