<html>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">

<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
p
        {margin-right:0in;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.emailstyle17
        {font-family:Arial;
        color:windowtext;}
span.emailstyle20
        {font-family:Arial;
        color:navy;}
span.emailstyle22
        {font-family:Arial;
        color:navy;}
span.emailstyle23
        {font-family:Arial;
        color:navy;}
span.emailstyle24
        {font-family:Arial;
        color:navy;}
span.emailstyle25
        {font-family:Arial;
        color:navy;}
span.EmailStyle26
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>No, nothing is being logged to this file.</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Steve</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<div>

<p class=MsoPlainText><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'>Steve Williams</span></font></p>

<p class=MsoPlainText><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'>Communications </span></font><font
 size=1 color=navy face=Arial><span style='font-size:7.5pt;font-family:Arial;
 color:navy'>Support</span></font><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'> Engineer</span></font></p>

<p class=MsoPlainText><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'>Computershare Technology
Services</span></font></p>

<p class=MsoPlainText><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'>Melbourne Australia</span></font></p>

<p class=MsoPlainText><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'><a
href="mailto:steven.williams@...4864...">steven.williams@...4864...</a></span></font></p>

<p class=MsoPlainText><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'>+61 3 9235 5651</span></font></p>

<p class=MsoPlainText><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;color:navy'> </span></font></p>

<p class=MsoPlainText><font size=1 color=navy face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:navy'><a
href="http://www.computershare.com">www.computershare.com</a></span></font></p>

<p class=MsoPlainText><font size=2 color=navy face="Courier New"><span
style='font-size:10.0pt;color:navy'> </span></font></p>

<p class=MsoPlainText><font size=3 color=navy face="Times New Roman"><span
style='font-size:12.0pt;font-family:"Times New Roman";color:navy'> </span></font></p>

<p class=MsoAutoSig><font size=3 color=navy face="Times New Roman"><span
style='font-size:12.0pt;color:navy'> </span></font></p>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> </span></font><font size=2
 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Michael Steele</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
[mailto:michaels@...9077...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, June 03, 2003 11:37
AM<br>
<b><span style='font-weight:bold'>To:</span></b> </span></font><font size=2
 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>'</span></font><font
  size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Steven
  Williams</span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;
 font-family:Tahoma'>'</span></font><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'><br>
<b><span style='font-weight:bold'>Cc:</span></b> </span></font><font size=2
 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>snort-users@lists.sourceforge.net</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>
<b><span style='font-weight:bold'>Subject:</span></b> [SMISPAM4] RE: [SMISPAM4]
RE: [Snort-users] Snort Config W2K</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>Steve,</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>Are you getting any of
the scans logged to the portscan.log file?</span></font></p>

<div>

<p style='margin-right:0in;margin-bottom:12.0pt;margin-left:.5in'><font size=2
color=navy face="Times New Roman"><span style='font-size:10.0pt;color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
 System Engineer / Security Support Technician    <br>
 <a href="mailto:michaels@...9077...">mailto:michaels@...9077...</a>   <br>
 Website: <a href="http://www.winsnort.com">http://www.winsnort.com</a><br>
 Snort: Open Source Network IDS - <a href="http://www.snort.org">http://www.snort.org</a></span></font></p>

</div>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Steven Williams
[mailto:Steven.Williams@...4864...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Monday, June 02, 2003 6:11
PM<br>
<b><span style='font-weight:bold'>To:</span></b> 'Michael Steele'; Steven
Williams<br>
<b><span style='font-weight:bold'>Cc:</span></b>
snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [SMISPAM4] RE:
[Snort-users] Snort Config W2K</span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>I've
added the line </span></font><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>preprocessor portscan:
$HOME_NET 4 3 d:/mypath to portscan.log and checked that Snort was happy with
this. This has stopped logging portscans to the Windows event log, however they
still don't appear in the MySQL database.</span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Thanks</span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Steve</span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:1.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Michael Steele
[mailto:michaels@...9077...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Monday, June 02, 2003 5:20
PM<br>
<b><span style='font-weight:bold'>To:</span></b> 'Steven Williams'<br>
<b><span style='font-weight:bold'>Cc:</span></b>
snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> [SMISPAM4] RE:
[Snort-users] Snort Config W2K</span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Steven,</span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>I have
the line below and I am logging portscans to MySQL.</span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>preprocessor portscan:
$HOME_NET 4 3 c:/IDS/Snort/log/portscan.log</span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>For
whatever reason I see that I have the line below hashed out. I'll check
that out tomorrow.</span></font></p>

<p class=MsoNormal style='margin-left:1.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<div>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
portscan2: scanners_max 3200, targets_max 5000, target_limit 3, port_limit 5,
timeout 120</span></font></p>

<p style='margin-right:0in;margin-bottom:12.0pt;margin-left:1.5in'><font
size=2 color=navy face="Times New Roman"><span style='font-size:10.0pt;
color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
 System Engineer / Security Support Technician    <br>
 <a href="mailto:michaels@...9077...">mailto:michaels@...9077...</a>   <br>
 Website: <a href="http://www.winsnort.com">http://www.winsnort.com</a><br>
 Snort: Open Source Network IDS - <a href="http://www.snort.org">http://www.snort.org</a></span></font></p>

</div>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Steven Williams
[mailto:Steven.Williams@...4864...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Sunday, June 01, 2003 11:49
PM<br>
<b><span style='font-weight:bold'>To:</span></b> 'Michael Steele';
snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Snort-users] Snort
Config W2K</span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Hi
Michael,</span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Love the
site and forum, keep up the good work. </span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Here is
my config:</span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
frag2</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
stream4: detect_scans, disable_evasion_alerts</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
stream4_reassemble</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash
full_whitespace</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
rpc_decode: 111 32771</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
bo: -nobrute</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
telnet_decode</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
asn1_decode</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>preprocessor
portscan2: scanners_max 3200, targets_max 5000, target_limit 3, port_limit 5,
timeout 120</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>output
database: log, mysql, user=XXXX dbname=XXXX host=XXXXX sensor_name=XXXXXX</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>output
alert_syslog: LOG_AUTH LOG_ALERT </span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>I
am running this as a service using Firedaemon, the command line executed is
d:\snort\snort.exe -c d:\snort\snort.conf -l d:\snort\logs -i1</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>Should
I add the comments to the preprocessor portscan line, and will this then log
portscans into the MySQL database?</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>I
know the portscans are being detected because it fills my W2K Event Logs full
of notifications.</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>Thanks
in advance</span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in;text-autospace:none'><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>Steve</span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>


<p class=MsoNormal style='margin-left:2.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Michael Steele
[mailto:michaels@...9077...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Monday, June 02, 2003 2:15
PM<br>
<b><span style='font-weight:bold'>To:</span></b> 'Steven Williams';
snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Snort-users] Snort
Config W2K</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Steven,</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Have you
got this line in your snort.conf?</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>preprocessor portscan:
$HOME_NET 4 3 d:/IDS/Snort/log/portscan.log</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Make sure the path exists</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>What is
your run line?</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Are you
running it with the '-A fast'?</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Have you
tried running a vulnerability scanner on your network?</span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal style='margin-left:2.5in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Have you
got any data in the portscan.log file?</span></font></p>

<div>

<p style='margin-right:0in;margin-bottom:12.0pt;margin-left:2.5in'><font
size=2 color=navy face="Times New Roman"><span style='font-size:10.0pt;
color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
 System Engineer / Security Support Technician    <br>
 <a href="mailto:michaels@...9077...">mailto:michaels@...9077...</a>   <br>
 Website: <a href="http://www.winsnort.com">http://www.winsnort.com</a><br>
 Snort: Open Source Network IDS - <a href="http://www.snort.org">http://www.snort.org</a></span></font></p>

</div>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b>
snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@...974...rceforge.net]
<b><span style='font-weight:bold'>On Behalf Of </span></b>Steven Williams<br>
<b><span style='font-weight:bold'>Sent:</span></b> Sunday, June 01, 2003 8:04
PM<br>
<b><span style='font-weight:bold'>To:</span></b>
snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Snort-users] Snort
Config W2K</span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Hi,</span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>I have Snort 2.0 running on W2K and
it works great.</span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>However, any portscans detected are
logged into the event log and not the MySQL database. All the other alerts log
into MySQL fine.</span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>What am I doing wrong?</span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Thanks</span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Steve</span></font></p>

<p class=MsoNormal style='margin-left:3.0in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>


<p class=MsoNormal style='margin-left:3.0in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><br>
<br>
---<br>
This email and any files transmitted with it are solely intended for the use of
the addressee(s) and may contain information that is confidential and
privileged. If you receive this email in error, please advise us by return
email immediately. Please also disregard the contents of the email, delete it
and destroy any copies immediately.<br>
Computershare Limited and its subsidiaries do not accept liability for the
views expressed in the email or for the consequences of any computer viruses
that may be transmitted with this email.<br>
This email is also subject to copyright. No part of it should be reproduced,
adapted or transmitted without the written consent of the copyright owner.</span></font></p>



</div>
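<p class=MsoNormal>The questions asked in this thread (is there a <code>preprocessor portscan:</code> line in snort.conf, does the log path exist, is there any data in portscan.log) can be checked mechanically. The script below is an added example, not part of the original messages and not Snort code; the function names, the report keys and the sample configuration are constructed for illustration, and the meaning given to the four portscan arguments is an assumption.</p>

```python
import os
import re
import tempfile

# Matches "preprocessor <name>[: args]" and "output <name>[: args]" lines.
DIRECTIVE_RE = re.compile(r"^(preprocessor|output)\s+(\w+)\s*(?::\s*(.*))?$")

# Constructed sample built from the lines quoted in the thread; {log} is filled in by demo().
SAMPLE = """\
preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor portscan: $HOME_NET 4 3 {log}
# preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 3, port_limit 5, timeout 120
output database: log, mysql, user=XXXX dbname=XXXX host=XXXXX sensor_name=XXXXXX
output alert_syslog: LOG_AUTH LOG_ALERT
"""


def parse_directives(conf_text):
    """Return (kind, name, args, active) tuples; active is False for hashed-out lines."""
    directives = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        active = not line.startswith("#")
        match = DIRECTIVE_RE.match(line.lstrip("#").strip())
        if match:
            kind, name, args = match.group(1), match.group(2), match.group(3) or ""
            directives.append((kind, name, args.strip(), active))
    return directives


def check_portscan_logging(conf_text):
    """Run the thread's checks against one snort.conf and return a report dict."""
    report = {"portscan_line": False, "log_file": None, "log_dir_exists": False,
              "log_bytes": None, "portscan2_active": False, "outputs": [], "problems": []}
    for kind, name, args, active in parse_directives(conf_text):
        if kind == "output" and active:
            report["outputs"].append(name)
        elif kind == "preprocessor" and name == "portscan2":
            report["portscan2_active"] |= active
        elif kind == "preprocessor" and name == "portscan" and active:
            report["portscan_line"] = True
            # Assumption: arguments are <network> <ports> <period> <log file>,
            # matching the lines shown in the thread. maxsplit keeps spaces in the path.
            fields = args.split(None, 3)
            if len(fields) == 4:
                report["log_file"] = fields[3]
            else:
                report["problems"].append("portscan line has no log file argument")

    if not report["portscan_line"]:
        report["problems"].append("no active 'preprocessor portscan:' line")
    elif report["log_file"]:
        log_dir = os.path.dirname(report["log_file"])
        report["log_dir_exists"] = os.path.isdir(log_dir)
        if not report["log_dir_exists"]:
            report["problems"].append("log directory does not exist: " + log_dir)
        elif not os.path.isfile(report["log_file"]):
            report["problems"].append("portscan.log has not been created yet")
        else:
            report["log_bytes"] = os.path.getsize(report["log_file"])
            if report["log_bytes"] == 0:
                report["problems"].append("portscan.log exists but is empty")
    if "database" not in report["outputs"]:
        report["problems"].append("no active 'output database:' line")
    return report


def demo():
    """Check two constructed configs: an existing but empty log, and a missing log directory."""
    with tempfile.TemporaryDirectory() as tmp:
        log_file = os.path.join(tmp, "portscan.log")
        open(log_file, "w").close()  # nothing logged to the file yet
        empty_log = check_portscan_logging(SAMPLE.format(log=log_file))
        missing_dir = check_portscan_logging(
            SAMPLE.format(log=os.path.join(tmp, "nonexistent", "portscan.log")))
        return empty_log, missing_dir


if __name__ == "__main__":
    for result in demo():
        print(result["log_file"], "->", result["problems"] or "ok")
```

<p class=MsoNormal>The report only describes where the portscan preprocessor is told to write and whether anything has arrived there; it does not establish why portscan alerts are absent from the database.</p>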

</body>

</html>