[Snort-users] no data in portscan.log

Björn Brombach b.brombach at ...9655...
Wed Jul 16 02:33:14 EDT 2003


Hi!
I installed Snort on Suse 8.2 with MySQL and ACID.
I havent done much tuning yet so Snort is running mostly with default
settings turned on.
The two Portscan processors are activated and kept the default values of
them.
The output processor is logging alerts to database and standard to file as
well.
The System is running fine except the portscan bar in ACID stays at 0%,
although portscans are reported and logged into the database correctly.
Furthermore no data at all is in the file portscan.log.

And i got another concern.
Is it possible to distinguish between the direction of packets when
excluding them from portscanning? What i mean is that i only want to exclude
outgoing traffic (source) from certain ip adresses, but not the incoming
(destination) as well.


Having reinstalled the applications and looked through faqs and more, i was
not able to find any hints to a solution so far.
Thanks for any help
bb





More information about the Snort-users mailing list