[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    Re: [Snort-users] Snort 2.3 RC1, what right to scan.log?
From:       Matt Kettler <mkettler () evi-inc ! com>
Date:       2004-11-30 16:59:40
Message-ID: 6.2.0.14.0.20041130114806.030fe0e8 () 192 ! 168 ! 50 ! 2
[Download RAW message or body]

At 10:57 AM 11/30/2004, Bill Warren wrote:
>In Snort 2.3 RC1, what tells Snort to write to scan.log?  Can you change 
>the name and location of the file?
>Thanks,
>Bill

I suspect that is the portscan2 preprocessor. scan.log is it's default 
filename.

I'd disable portscan2 if your snort.conf still calls it. It's not really 
very useful IMO, and isn't even mentioned in 2.3's snort.conf anymore.

It could also be sfportscan. Looking at it's code however, it's hard to see 
how it works if you don't specify a logfile option.




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[prev in list] [next in list] [prev in thread] [next in thread]