Snort mailing list archives
Re: scan file
From: Paul Schmehl <pauls () utdallas edu>
Date: 28 Feb 2003 16:23:02 -0600
On Fri, 2003-02-28 at 15:56, Clayton Mascarenhas wrote:
Hi list, Could somebody please explain to me what that "scan" file is all about?? Every time I run snort, it gets generated together with a file named "alert".... but only sometimes ... when there is a portscan attack I guess ... will that scan file actually have anyting in it. I know the alerts get sent to that file named "alert" . But where is the file for all the triggered rules that just need to log information and do not need to be sent to the "alert" file. Is this "scan" file that "log" file?? Or is there another file somewhere called "log". What is this scan file?? How does it get generated? And when does it get filled? Thanks snort-users list.
The scan.log is generated by the portscan2 preprocessor. Search your snort.conf file for portscan2. -- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- scan file Clayton Mascarenhas (Feb 28)
- Re: scan file Paul Schmehl (Feb 28)