[Snort-users] portscan events not showing up in base

Joel Esler joel.esler at ...1935...
Tue May 23 09:08:11 EDT 2006


What is your portscan line from your snort.conf file?

Joel

John Newman wrote:
> Hello,
> 
> I'm using snort 2.4.4 but not sfportscan, rather the older portscan and
> portscan2 modules.  I've just realized that, although portscans are
> being detected just fine, they aren't being propagated through barnyard
> into the base database.  
> 
> e.g.
> 
> select * from acid_event where sig_name like '%portscan%' and timestamp >
> '2006-05-01 00:00:00';
> 
> returns nothing
> 
> If I change the date portion to sometime last month, before I switched
> from sfportscan, I get all sorts of results.   Does anyone have any clue
> what might be causing this?
> 
> thanks,
> 



