[Snort-users] ACID Portscan Traffic (0%)

Chris Eidem ceidem at ...5503...
Wed Dec 11 14:41:06 EST 2002


don't forget to chmod it so that your webserver can read it.  usually,
apache runs as nobody/nobody or web/web or something and the file's
permission is something like 600 (rw-------).

 - chris

> -----Original Message-----
> From: Luo, Philip [mailto:Philip_Luo at ...4729...]
> Sent: Wednesday, December 11, 2002 2:23 PM
> To: Snort Users (E-mail)
> Subject: RE: [Snort-users] ACID Portscan Traffic (0%)
> 
> 
> I am having the same problem. I did check the acid_conf.php 
> file, it looks
> ok, and my scan.log is getting bigger, which ACID can not show.
> 
> -----Original Message-----
> From: Hicks, John [mailto:JHicks at ...5857...] 
> Sent: Wednesday, December 11, 2002 11:13 AM
> To: 'Gary Borgeson'; Snort Users (E-mail)
> Subject: RE: [Snort-users] ACID Portscan Traffic (0%)
> 
> From the config doc
> (http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html)
> [OPTIONAL for Snort portscan pre-processor support]
> $portscan_file  : full path to a Snort portscan log file
> 
> set this in acid.conf.
> 
> hth,
> John Hicks
>     
> 
> hth,
> John Hicks
> -----Original Message-----
> From: Gary Borgeson [mailto:gborgeson at ...7012...]
> Sent: Wednesday, December 11, 2002 10:22 AM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] ACID Portscan Traffic (0%)
> 
> 
> On the ACID main page we have Traffic Profile by Protocol 
> including Portscan
> Traffic. This % has stayed at 0 since day one. Even when I 
> launch my own
> scan it stays at 0%. There is plenty of stuff in 
> portscan.log. How should I
> interpret this?
> 
> Thanks, G  
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility 
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility 
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list