Snort mailing list archives
RE: ids problems
From: Jasmine CHUA <Jasmine.Chua () internationalsos com>
Date: Thu, 22 Apr 2004 14:38:00 +0800
Thanks for your reply. I have tried that before. But it still does not work. :(

-----Original Message-----
From: Guillaume Arcas [mailto:guillaume.arcas () free fr]
Sent: Thursday, April 22, 2004 13:17
To: Jasmine CHUA
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] ids problems

Jasmine CHUA said:
> Hi.
> Problem 1) Flow-Portscan works but not quite well for me. On Acid I only see the very first portscan alert and thereafter, I don't get to see the next and the next portscan alert on Acid. It's really weird. Right now, I can only see all the portscan alerts in syslog. Here's my snort.conf:
>
> preprocessor flow: stats_interval hash 2
> preprocessor flow-portscan: unique-memcap 5000000 unique-rows 50000 tcp-penalties on server-scanner-limit 4 server-watchnet $HOME_NET alert-mode once output-mode pktkludge

You have to change the alert mode from "once" (only log the first event) to "all" (quite self-understanding...).

--
Guillaume Arcas
--------------------------------------------------
We must part. We are two children, we have done something foolish. (Yvonne de Galais)