Snort mailing list archives
Going from Preprocessor portscan2 to flow-portscan
From: Bill Warren <bwarren () optivel com>
Date: Wed, 04 Aug 2004 13:16:32 -0500
With portscan2 when there was a portscan the file /var/log/snort/scan.log was created and I would get
01/05-14:08:15.373424 UDP src: 192.160.160.211 dst: 192.160.160.34 sport: 202 dport: 105 tgts: 3 ports: 25 event_id: 769354
Now that I switched I don't get that log anymore. It only updates the scan.log. I have read README.flow-portscan and don't see how to have the log updated. Anybody have any ideas?
I was running 2.0.0 and now I am running 2.1.3 on Linux.
Thanks,
Bill
--
**********************************
Bill Warren
Optivel, Inc.
E-mail: bwarren () optivel com
Voice: 317.275.2305
Fax: 317.275.2301
Web: http://www.optivel.com
**********************************