Snort mailing list archives
snort "portscan.log" file empty?
From: "Matt Harrell" <mhar () plexus-online com>
Date: Tue, 14 Aug 2001 15:43:32 -0400
I'm a relatively new user of Snort. I'm running Snort version 1.8p1-0 (RPM) on Red Hat Linux 7.1. I've noticed that the /var/log/snort/portscan.log file rarely gets stuff logged to it, even though I see a lot of activity logged by Snort in the "auth" log (and "syslog") and for individual IP numbers in /var/log/snort for Code Red. Shouldn't more be getting logged in portscan.log? The main reason I'm asking is that I recently became a member of DShield (http://www.dshield.org), and I'm tyring to send in my Snort portscan.log file every day for the project using the Perl script I got from the DShield web site for Snort (specifically for portscan.log). It seems only partially useful if many attacks that Snort detects are not logged to portscan.log. Thank you. Matt Harrell Plexus Systems mhar () plex-sys com
Current thread:
- snort "portscan.log" file empty? Matt Harrell (Aug 14)
- Re: snort "portscan.log" file empty? Jason A. Haynes (Aug 14)
- <Possible follow-ups>
- RE: snort "portscan.log" file empty? Matt Harrell (Aug 15)