[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    Re: [Snort-users] scan file
From:       Paul Schmehl <pauls () utdallas ! edu>
Date:       2003-02-28 22:23:02
[Download RAW message or body]

On Fri, 2003-02-28 at 15:56, Clayton Mascarenhas wrote:
> Hi list,
> 
> Could somebody please explain to me what that "scan" file is all
> about?? Every time I run snort, it gets generated together with a file
> named "alert".... but only sometimes ... when there is a portscan
> attack I guess ... will that scan file actually have anyting in it. I
> know the alerts get sent to that file named "alert" . But where is the
> file for all the triggered rules that just need to log information and
> do not need to be sent to the "alert" file. Is this "scan" file that
> "log" file?? Or is there another file somewhere called "log". What is
> this scan file?? How does it get generated? And when does it get
> filled? Thanks snort-users list.
> 
The scan.log is generated by the portscan2 preprocessor.  Search your
snort.conf file for portscan2.

-- 
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[prev in list] [next in list] [prev in thread] [next in thread]