[Snort-users] Port Scan traffic not showing

Dustin Decker dustind at ...7902...
Mon Jan 6 20:14:04 EST 2003


On Mon, 6 Jan 2003 linuxnews at ...7917... wrote:

> I recently installed Snort and I'm using the Acid console for output, I 
> can't seem to get logs though for port scan traffic, I've done multiple 
> port scans on the network but nothing is showing up.  I made sure that the 
> port scan rules were not commented out, I'm wondering if it's because we 
> have a token ring network?  Does anyone have any ideas?

From:
http://www.snort.org/docs/faq.html#6.16

"Q: Portscans are not being logged to my database

A: You need to change the output facility to 'alert' rather than 'log'.  
The portscan preprocessor calls output plugins registered as 'alert' 
plugins rather than 'log'. 
output database: alert, mysql, user=snort dbname=snort host=localhost"

Hope this helps,
D.

-- 
*-----------------------------------*
| Dustin Decker                     |
| dustind at ...7902...       *-----------------------------------------*
| http://www.dustindecker.com |                                         |
| Moon-Lite Computing         |                                         |
| 913.579.7117                |                                         |
*-----------------------------|            E = MC ** 2 +- 3db           |
                              |                                         |
                              |                                         |
                              |                                         |
                              *-----------------------------------------*
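
Added example, not part of the original message or the Snort FAQ: a small check that reads a snort.conf and reports the condition the FAQ answer describes, a portscan preprocessor that is active while every `output database` line is registered under `log`. The sample config is constructed, the function name is hypothetical, and the `preprocessor portscan:` / `portscan2:` directive form is an assumption about configs of that era.

```python
import re

# Constructed sample snort.conf fragment (not from the original thread).
SAMPLE_CONF = """\
# preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan: $HOME_NET 4 3 portscan.log
output database: log, mysql, user=snort dbname=snort host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
"""

# Assumption: the portscan preprocessor is enabled with a line starting
# "preprocessor portscan:" (or "portscan2:"), as in Snort configs of that era.
PORTSCAN_RE = re.compile(r"^preprocessor\s+portscan2?\s*:", re.I)
# Captures the facility ('log' or 'alert') and the database type.
DB_OUTPUT_RE = re.compile(r"^output\s+database\s*:\s*(\w+)\s*,\s*(\w+)", re.I)


def check_portscan_db_logging(conf_text):
    """Return findings for the 'portscans not logged to database' setup."""
    portscan_on = False
    db_outputs = []  # (line number, facility, database type)
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if PORTSCAN_RE.match(line):
            portscan_on = True
        m = DB_OUTPUT_RE.match(line)
        if m:
            db_outputs.append((lineno, m.group(1).lower(), m.group(2).lower()))
    if not portscan_on:
        return ["no active portscan preprocessor line found"]
    if not db_outputs:
        return ["portscan preprocessor is active but there is no 'output database' line"]
    # One 'alert' database output is enough for portscan alerts to reach the DB.
    if any(facility == "alert" for _, facility, _ in db_outputs):
        return []
    return [
        f"line {n}: output database ({db}) uses facility '{facility}'; "
        "portscan alerts need 'alert'"
        for n, facility, db in db_outputs
    ]


if __name__ == "__main__":
    for finding in check_portscan_db_logging(SAMPLE_CONF):
        print(finding)
```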




