[Snort-users] flow-portscan data
mkettler at ...4108...
Mon Dec 22 09:58:02 EST 2003
At 12:38 PM 12/22/2003, Matthew L. McCarty wrote:
>Could someone please tell me where this data is logged to or stored?
>I asked this question once already but got no response -- so I reread the
>documentation and still can't find anything....WTD? Why isn't it in the
>documentation and if it is -- where?
From RTing the FM, it appears that flow-portscan uses the standard alert
or log mechanism.. thus the answer to "where it gets stored" is "where
everything else gets stored".
msg - a variable text message with the scores included
pktkludge - generate a fake pkt and use the Logging output system
Certainly from that it's VERY clear output-mode pktkludge uses the standard
logging system.. thus it will output to the same place as any rule that
uses the log keyword.
I'd assume that msg uses either log or alert, but without a packet.