Snort mailing list archives

snort "portscan.log" file empty?

From: "Matt Harrell" <mhar () plexus-online com>
Date: Tue, 14 Aug 2001 15:43:32 -0400

I'm a relatively new user of Snort.  I'm running Snort version 1.8p1-0
(RPM) on Red Hat Linux 7.1.  I've noticed that the
/var/log/snort/portscan.log file rarely gets stuff logged to it, even
though I see a lot of activity logged by Snort in the "auth" log (and
"syslog") and for individual IP numbers in /var/log/snort for Code Red.
Shouldn't more be getting logged in portscan.log? 
 
The main reason I'm asking is that I recently became a member of DShield
(http://www.dshield.org), and I'm tyring to send in my Snort
portscan.log file every day for the project using the Perl script I got
from the DShield web site for Snort (specifically for portscan.log).  It
seems only partially useful if many attacks that Snort detects are not
logged to portscan.log.
 
Thank you.
 
Matt Harrell
Plexus Systems
mhar () plex-sys com

Current thread:

snort "portscan.log" file empty? Matt Harrell (Aug 14)
- Re: snort "portscan.log" file empty? Jason A. Haynes (Aug 14)
- <Possible follow-ups>
- RE: snort "portscan.log" file empty? Matt Harrell (Aug 15)