Snort mailing list archives
Clarification on Portscans using BASE and not creating a portscan.log file?
From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 20 Apr 2012 16:31:01 -0400
I was just wondering about viewing portscans in BASE: I've directed Snort to use unified2 logging, and I'm not directing Snort to create a portscan.log file. Barnyard2 is sending portscans to the database and BASE is able to view them.

Using the output database option I was creating the portscan.log file and I was setting the option in the BASE console to direct it to use that logfile.

I'm wondering what effect it's having by not allowing BASE to read the portscan.log? What's BASE really doing with the alerts from the portscan.log?

Kindest regards,
Michael...