[Snort-users] portscan events not showing up in base
joel.esler at ...1935...
Tue May 23 09:08:11 EDT 2006
What is your portscan line from your snort.conf file?
John Newman wrote:
> I'm using snort 2.4.4 but not sfportscan, rather the older portscan and
> portscan2 modules. I've just realized that, although portscans are
> being detected just fine, they aren't being propagated through barnyard
> into the base database.
> select * from acid_event where sig_name like '%portscan%' and timestamp >
> '2006-05-01 00:00:00';
> returns nothing
> If I change the date portion to sometime last month, before I switched
> from sfportscan, I get all sorts of results. Does anyone have any clue
> what might be causing this?