Snort mailing list archives
Re: default sfportscan preprocessor log file name?
From: Y M <snort () outlook com>
Date: Wed, 15 Jul 2015 14:20:59 +0000
Interesting. When I uncomment the sfprotscan preprocessor *without* specifying the log file path and name nothing gets generated as in a sfprotscan specific file, at least not in Snort 2973. Sent from Mobile On Tue, Jul 14, 2015 at 6:36 PM -0700, "waldo kitty" <wkitty42 () windstream net> wrote:
On Sat, Jul 11, 2015 at 9:55 AM -0700, "waldo kitty" <wkitty42 () windstream net <mailto:wkitty42 () windstream net>> wrote: what is the default sfportscan preprocessor file name if one is not specified on the config for the sfportscan preprocessor?
On 07/13/2015 07:09 PM, Y M wrote:I don't think a sfprotscan log file gets generated without specifying it's directory and name. Events (alerts) should still show in alerts or unified file.
1st: TOP posting corrected AFAIR: when i uncommented the sfportscan configuration in the default conf file, there was a log file created... i just don't recall what it was and don't have any means of testing it at this moment... thus my question to the list in the hopes that someone intimate with the code would respond... not that you, YM, don't fit that but just looking for a definitive response from the VRT or whatever they call themselves now that cisco has them under their umbrella... -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- default sfportscan preprocessor log file name? waldo kitty (Jul 11)
- Re: default sfportscan preprocessor log file name? Y M (Jul 13)
- Re: default sfportscan preprocessor log file name? waldo kitty (Jul 14)
- Re: default sfportscan preprocessor log file name? Y M (Jul 15)
- Re: default sfportscan preprocessor log file name? waldo kitty (Jul 14)
- Re: default sfportscan preprocessor log file name? Y M (Jul 13)