[Snort-users] Snort Config W2K

Michael Steele michaels at ...9077...
Sun Jun 1 21:17:02 EDT 2003


Steven,

 

Have you got this line in your snort.conf?

 

preprocessor portscan: $HOME_NET 4 3 d:/IDS/Snort/log/portscan.log

 

Make sure the path exists

 

What is your run line?

 

Are you running it with the '-A fast' ?

 

Have you tried running a vulnerability scanner on your network?

 

Have you got any data in the portscan.log file?

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician    
 mailto:michaels at ...9077...   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steven
Williams
Sent: Sunday, June 01, 2003 8:04 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Config W2K

 

Hi,

 

I have Snort 2.0 running on W2K and works great.

 

However, any portscans detected and logged into the event log and not the
MySQL database. All the other alerts log into Mysql fine.

 

What am I doing wrong?

 

Thanks

 

Steve

 

Steve Williams

Communications Support Engineer

Computershare Technology Services

Melbourne Australia

 <mailto:steven.williams at ...4864...>
steven.williams at ...4864...

+61 3 9235 5651

 

 <http://www.computershare.com> www.computershare.com

 

 

 

 



---
This email and any files transmitted with it are solely intended for the use
of the addressee(s) and may contain information that is confidential and
privileged. If you receive this email in error, please advise us by return
email immediately. Please also disregard the contents of the email, delete
it and destroy any copies immediately.
Computershare Limited and its subsidiaries do not accept liability for the
views expressed in the email or for the consequences of any computer viruses
that may be transmitted with this email.
This email is also subject to copyright. No part of it should be reproduced,
adapted or transmitted without the written consent of the copyright owner.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030601/3d6aabbb/attachment.html>


More information about the Snort-users mailing list