[Snort-users] portscan.log file
erek at ...577...
Wed Oct 9 21:13:02 EDT 2002
On Wed, 9 Oct 2002, Ganu Skop wrote:
> Love to hear if anyone has come up with a script that
> will get portscan.log daily in regard to particular
> date. With this I could be able to
Upgrade. You're running 1.8.7 or less. In the release of 1.9.0 spp_portscan,
which uses portscan.log, was replaced by spp_portscan2 which uses scan.log.
Anyway... Make it simple on yourself.
grep <DATE> portscan.log | sort -n | uniq
That'll give you each IP (listed once) that 'scanned' you during the day.
Yes, of course you can get more fancy--But that's the simple way. :)
More information about the Snort-users