[Snort-users] Re: [Snort-devel] portscan events not showing up in base
I'm not familiar with this option, or even where this option would go...
could you give me more info?

thanks!

-- John

On Tue, May 23, 2006 at 12:08:41PM -0400, Eric Lauzon wrote:
> Do you use the option:
> output-mode pktkludge
> ??
>
> Eric Lauzon
> [Research & Development]
> Above Sécurité / Above Security
> Tel: (450) 430-8166
> Fax: (450) 430-1858
>
> ---------------------------------------
> "Premature optimization is the root of all
> evil (or at least most of it) in programming."
> - Donald Knuth
>
> > -----Original Message-----
> > From: snort-devel-admin@lists.sourceforge.net
> > [mailto:snort-devel-admin@lists.sourceforge.net] On Behalf Of
> > John Newman
> > Sent: 23 May 2006 12:06
> > To: snort-users@lists.sourceforge.net;
> > snort-devel@lists.sourceforge.net
> > Subject: [Snort-devel] portscan events not showing up in base
> >
> > Hello,
> >
> > I'm using snort 2.4.4 but not sfportscan, rather the older portscan and
> > portscan2 modules. I've just realized that, although portscans are
> > being detected just fine, they aren't being propagated through
> > barnyard into the base database.
> >
> > e.g.
> >
> > select * from acid_event where sig_name like '%portscan%' and timestamp > '2006-05-01 00:00:00';
> >
> > returns nothing
> >
> > If I change the date portion to sometime last month, before I switched
> > from sfportscan, I get all sorts of results. Does anyone have any clue
> > what might be causing this?
> >
> > thanks,
> >
> > --
> > John Newman
> > Systems Administrator, WebXess Inc.

--
John Newman
Systems Administrator, WebXess Inc.