Snort mailing list archives

Re: no data in portscan.log


From: Erek Adams <erek () snort org>
Date: Wed, 16 Jul 2003 13:49:33 -0400 (EDT)

On Wed, 16 Jul 2003, Björn Brombach wrote:

[...snip...]

> The two Portscan processors are activated and kept at their default
> values. The output processor is logging alerts to database and standard to
> file as well. The System is running fine except the portscan bar in ACID
> stays at 0%, although portscans are reported and logged into the
> database correctly. Furthermore no data at all is in the file
> portscan.log.

Never run both.  It's a waste of CPU and time.  Pick one or the other.

> And I've got another concern. Is it possible to distinguish between the
> direction of packets when excluding them from portscanning? What I mean
> is that I only want to exclude outgoing traffic (source) from certain IP
> addresses, but not the incoming (destination) as well.

Check the FAQ.  3.9.

> Having reinstalled the applications and looked through FAQs and more, I was
> not able to find any hints to a solution so far.

Ummm...  See above.  :)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

