[Snort-users] Snort Config W2K
michaels at ...9077...
Sun Jun 1 21:17:02 EDT 2003
Have you got this line in your snort.conf?
preprocessor portscan: $HOME_NET 4 3 d:/IDS/Snort/log/portscan.log
Make sure the path exists
What is your run line?
Are you running it with the '-A fast' ?
Have you tried running a vulnerability scanner on your network?
Have you got any data in the portscan.log file?
System Engineer / Security Support Technician
mailto:michaels at ...9077...
Snort: Open Source Network IDS - http://www.snort.org
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steven
Sent: Sunday, June 01, 2003 8:04 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Config W2K
I have Snort 2.0 running on W2K and works great.
However, any portscans detected and logged into the event log and not the
MySQL database. All the other alerts log into Mysql fine.
What am I doing wrong?
Communications Support Engineer
Computershare Technology Services
<mailto:steven.williams at ...4864...>
steven.williams at ...4864...
+61 3 9235 5651
This email and any files transmitted with it are solely intended for the use
of the addressee(s) and may contain information that is confidential and
privileged. If you receive this email in error, please advise us by return
email immediately. Please also disregard the contents of the email, delete
it and destroy any copies immediately.
Computershare Limited and its subsidiaries do not accept liability for the
views expressed in the email or for the consequences of any computer viruses
that may be transmitted with this email.
This email is also subject to copyright. No part of it should be reproduced,
adapted or transmitted without the written consent of the copyright owner.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users