Snort mailing list archives
no data in portscan.log
From: Björn Brombach <b.brombach () drachenfels de>
Date: Wed, 16 Jul 2003 11:32:19 +0200
Hi! I installed Snort on Suse 8.2 with MySQL and ACID. I havent done much tuning yet so Snort is running mostly with default settings turned on. The two Portscan processors are activated and kept the default values of them. The output processor is logging alerts to database and standard to file as well. The System is running fine except the portscan bar in ACID stays at 0%, although portscans are reported and logged into the database correctly. Furthermore no data at all is in the file portscan.log. And i got another concern. Is it possible to distinguish between the direction of packets when excluding them from portscanning? What i mean is that i only want to exclude outgoing traffic (source) from certain ip adresses, but not the incoming (destination) as well. Having reinstalled the applications and looked through faqs and more, i was not able to find any hints to a solution so far. Thanks for any help bb ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- no data in portscan.log Björn Brombach (Jul 16)
- Re: no data in portscan.log Erek Adams (Jul 16)