[Snort-users] Snort Config W2K

Michael Steele michaels at ...9077...
Sun Jun 1 21:17:02 EDT 2003



Have you got this line in your snort.conf?


preprocessor portscan: $HOME_NET 4 3 d:/IDS/Snort/log/portscan.log


Make sure the path exists.


What is your run line?


Are you running it with '-A fast'?


Have you tried running a vulnerability scanner on your network?


Have you got any data in the portscan.log file?


-Michael Steele
 System Engineer / Security Support Technician    
 mailto:michaels at ...9077...   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steven
Sent: Sunday, June 01, 2003 8:04 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Config W2K




I have Snort 2.0 running on W2K and it works great.


However, any portscans detected are logged into the event log and not the
MySQL database. All the other alerts log into MySQL fine.


What am I doing wrong?






Steve Williams

Communications Support Engineer

Computershare Technology Services

Melbourne Australia

steven.williams at ...4864...

+61 3 9235 5651


www.computershare.com





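
The first checks suggested in the reply (is the portscan line present, does its log path exist, does portscan.log contain data) can be scripted. This is an added example, not part of the original thread or of Snort. The function names and sample configuration are constructed, and it assumes the four-field line quoted above means network, port count, detection period in seconds, and log file.

```python
import os
import re
import tempfile

# Assumed legacy syntax: preprocessor portscan: <network> <ports> <seconds> <logfile>
PORTSCAN_RE = re.compile(
    r"^\s*preprocessor\s+portscan\s*:\s*(\S+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

def check_portscan_config(conf_text):
    """Return (status, message) findings for the portscan lines in conf_text."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # ignore comments and commented-out lines
        m = PORTSCAN_RE.match(line)
        if not m:
            continue
        net, ports, secs, logfile = m.groups()
        findings.append(("ok", f"line {lineno}: {net}, {ports} ports "
                               f"in {secs}s, logging to {logfile}"))
        logdir = os.path.dirname(logfile)
        if logdir and not os.path.isdir(logdir):
            findings.append(("fail", f"log directory missing: {logdir}"))
        elif not os.path.isfile(logfile):
            findings.append(("warn", f"log file not created yet: {logfile}"))
        elif os.path.getsize(logfile) == 0:
            findings.append(("warn", f"log file is empty: {logfile}"))
        else:
            findings.append(("ok", f"log file has data: {logfile}"))
    if not findings:
        findings.append(("fail", "no active 'preprocessor portscan:' line"))
    return findings

def demo():
    """Run the checks on constructed configs inside a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        base = d.replace("\\", "/")
        conf = f"preprocessor portscan: $HOME_NET 4 3 {base}/portscan.log\n"
        before = check_portscan_config(conf)
        with open(os.path.join(d, "portscan.log"), "w") as fh:
            fh.write("constructed sample entry\n")
        after = check_portscan_config(conf)
        missing = check_portscan_config(
            f"preprocessor portscan: $HOME_NET 4 3 {base}/nope/portscan.log\n")
        disabled = check_portscan_config("# preprocessor portscan: $HOME_NET 4 3 p.log\n")
    return before, after, missing, disabled

if __name__ == "__main__":
    for findings in demo():
        print(*(f"[{s}] {m}" for s, m in findings), sep="\n")
```

To check a real installation, pass the contents of snort.conf to check_portscan_config() on the sensor itself so the log path is resolved on the same file system.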
