[Snort-users] no data in portscan.log
erek at ...950...
Wed Jul 16 10:50:15 EDT 2003
On Wed, 16 Jul 2003, [iso-8859-1] Björn Brombach wrote:
> The two Portscan processors are activated and kept the default values of
> them. The output processor is logging alerts to database and standard to
> file as well. The System is running fine except the portscan bar in ACID
> stays at 0%, although portscans are reported and logged into the
> database correctly. Furthermore no data at all is in the file
Never run both. It's a waste of CPU and time. Pick one or the other.
> And i got another concern. Is it possible to distinguish between the
> direction of packets when excluding them from portscanning? What i mean
> is that i only want to exclude outgoing traffic (source) from certain ip
> adresses, but not the incoming (destination) as well.
Check the FAQ. 3.9.
> Having reinstalled the applications and looked through faqs and more, i was
> not able to find any hints to a solution so far.
Ummm... See above. :)
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users