[Snort-users] portscan.log file

Erek Adams erek at ...577...
Wed Oct 9 21:13:02 EDT 2002


On Wed, 9 Oct 2002, Ganu Skop wrote:

> Love to hear if anyone has come up with a script that
> will get portscan.log daily in regard to particular
> date. With this I could be able to

Upgrade.  You're running 1.8.7 or less.  In the release of 1.9.0 spp_portscan,
which uses portscan.log, was replaced by spp_portscan2 which uses scan.log.

Anyway...  Make it simple on yourself.

  grep <DATE> portscan.log | sort -n | uniq

That'll give you each IP (listed once) that 'scanned' you during the day.
Yes, of course you can get more fancy--But that's the simple way.  :)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list