[Snort-users] Snort-2.1.3 Portscan

Scott Elgram SElgram at ...10477...
Mon Aug 16 11:20:35 EDT 2004


Steven,
    It's set to log
-------------------------------------------------------
output database: log, mysql, user=<DB User> password=<Password> dbname=snort
host=localhost encoding=hex detail=Full
-------------------------------------------------------
If I change this to alert will I still be logging everything in MySQL?  Or
is there another way around this to log in a DB and include portscan
messages?

Thanks,
-Scott

----- Original Message ----- 
From: "Steven Bairstow" <sab139 at ...11968...>
To: "Scott Elgram" <SElgram at ...10477...>
Sent: Monday, August 16, 2004 11:00 AM
Subject: Re: [Snort-users] Snort-2.1.3 Portscan


> In the "output database" configuration line, do you have it set to alert
> or log?  Log won't include portscan messages.
>
>
> >Hello,
> >    I am trying to configure a SNORT 2.1.3 system with MySql and Acid.  I
> >have it all up and running just fine right now except for one thing.  I
> >can't seem to get anything to register in the port scan traffic section of
> >Acid.  I have looked through my Snort.conf for anything and found the
> >flow-portscan preprocessor.  I uncommented it and configured it as follows:
> >--------------------------------------------------------
> >preprocessor flow-portscan: \
> >unique-memcap 5000000 \
> >unique-rows 50000 \
> >server-watchnet [192.168.0.0/24] \
> >server-learning-time 300 \
> >server-scanner-limit 50 \
> >alert-mode once \
> >output-mode msg \
> >tcp-penalties on
> >--------------------------------------------------------
> >
> >    Even with this configuration I still can't seem to get anything to
> >register in that particular section.  I am using superscan and scanning
> >various IPs on the network SNORT is watching.  Have I configured this wrong
> >maybe?
> >
> >Thanks,
> >-Scott
> >
>
> -- 
>
>
> Steven Bairstow
> Computer and Network Services - Abington College - Penn State University
> http://www.personal.psu.edu/~sab139              PGP Key ID = 0x0C81E13C
>
>
> "No trees were killed in the creation of this message.
> However, many electrons were terribly inconvenienced."
>
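The thread turns on one detail of snort.conf: the first word of the `output database:` line selects the facility (`log` or `alert`), and Steven's point is that portscan events only reach the database when that facility is `alert`. The script below is an added example, not code from the thread or from the Snort project: it joins Snort's backslash-continued directives, parses the `output database:` and `preprocessor flow-portscan:` lines, and flags the combination discussed above. The sample configuration is constructed from the snippets in the thread, and the credentials in it are placeholders.

```python
"""Lint a snort.conf fragment for the log-vs-alert output facility problem.

Added example; parsing rules are simplified assumptions about the Snort 2.x
configuration syntax (trailing backslash continues a directive, '#' comments).
"""
import re

# Constructed sample, modelled on the thread's snippets; user/password are placeholders.
SAMPLE_CONF = """\
# flow-portscan as configured in the thread
preprocessor flow-portscan: \\
unique-memcap 5000000 \\
unique-rows 50000 \\
server-watchnet [192.168.0.0/24] \\
server-learning-time 300 \\
server-scanner-limit 50 \\
alert-mode once \\
output-mode msg \\
tcp-penalties on
output database: log, mysql, user=DB_USER password=PLACEHOLDER dbname=snort host=localhost encoding=hex detail=Full
"""


def join_continuations(text):
    """Join directives that Snort spreads over several lines with a trailing backslash.

    Returns the logical directives, with blank lines and '#' comments dropped.
    """
    directives, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "      # continuation: keep collecting
            continue
        buf += line
        directives.append(buf.strip())
        buf = ""
    if buf:
        directives.append(buf.strip())  # file ended on a continuation line
    return [d for d in directives if d and not d.startswith("#")]


def parse_output_database(directive):
    """'output database: <facility>, <driver>, k=v k=v ...' -> (facility, driver, {k: v})."""
    m = re.match(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$", directive)
    if not m:
        return None
    facility, driver, rest = m.groups()
    opts = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return facility, driver, opts


def parse_flow_portscan(directive):
    """'preprocessor flow-portscan: key value key value ...' -> {key: value}."""
    m = re.match(r"preprocessor\s+flow-portscan:\s*(.*)$", directive)
    if not m:
        return None
    toks = m.group(1).split()
    return dict(zip(toks[0::2], toks[1::2]))


def lint(text):
    """Return a list of findings; empty means the configuration is consistent."""
    db = portscan = None
    for d in join_continuations(text):
        db = parse_output_database(d) or db
        portscan = parse_flow_portscan(d) or portscan
    findings = []
    if portscan and not db:
        findings.append("flow-portscan is enabled but no 'output database:' line was found")
    if portscan and db and db[0] == "log":
        findings.append(
            "output database uses the 'log' facility; flow-portscan messages are "
            "raised through the alert facility and will not appear in the database"
        )
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

Running it against the sample prints the single finding for the `log` facility; changing the line to `output database: alert, mysql, ...` makes `lint()` return an empty list, which is the configuration change the thread converges on.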