Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: sabu on September 18, 2002, 05:17:53 PM

Title: portscan.log
Post by: sabu on September 18, 2002, 05:17:53 PM
I've had multiple people test their portscans on me and none of the portscans are coming up in my portscan.log or snort alert.

Is it meant to be like this?

sabu
Title: Re: portscan.log
Post by: Dan on September 18, 2002, 10:12:06 PM
Well, maybe.  Check to ensure that snort is running:

ps -x | grep snort

Are you running guardian?  If you are, then they will be blocked and you will not see any more activity from their IP.
Title: Re: portscan.log
Post by: sabu on September 19, 2002, 03:26:10 PM
Snort doesn't seem to be running, and https://www/acid is having database problems as well.

Should I uninstall and reinstall? If so, how?

Or is there another way to fix it?

sabu
Title: Re: portscan.log
Post by: steve on September 19, 2002, 09:56:21 PM
Do not uninstall... yet.
Something similar happened to me when my DHCP address changed.
I noticed that the database was not getting updated.
I had to update my external IP in the /etc/snort/snort.conf file (replace the old with the new),
then start (or restart) snortd using the full path to the file.
On my server:
/etc/rc.d/init.d/snortd

Try that.
Title: Re: portscan.log
Post by: Dan on September 20, 2002, 12:31:12 AM
Or simply do a:

/sbin/e-smith/expand-template /etc/snort/snort.conf

/etc/rc.d/init.d/snortd restart
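
Added example, not part of the thread or of the SME Server tooling: a check for the failure steve describes, where snort.conf still carries the address from before a DHCP change. It assumes the address sits as a literal IPv4 on a `var` line (the thread does not name the variable); the function names and the sample config with its documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Print each distinct IPv4 address found on uncommented "var" lines of $1.
# Assumption: snort.conf records the external IP on such a line.
conf_addresses() {
    grep -E '^[[:space:]]*var[[:space:]]' "$1" |
        grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort -u
}

# Return 0 if $2 (the current external IP) is listed in config $1,
# 1 if the config only carries other addresses (stale),
# 2 if no address is found on any "var" line.
check_snort_conf() {
    conf=$1
    current=$2
    addrs=$(conf_addresses "$conf") || true
    [ -n "$addrs" ] || return 2
    # -F -x: literal whole-line match, so 203.0.113.1 never matches 203.0.113.10
    printf '%s\n' "$addrs" | grep -Fxq "$current"
}

# Report helper: $1 = config path, $2 = current external IP.
report() {
    if check_snort_conf "$1" "$2"; then
        echo "ok: $2 is present in $1"
    else
        echo "stale: $2 not in $1; update the config and restart snortd"
    fi
}

# Constructed sample config, written before the lease changed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# var HOME_NET 198.51.100.7/32   (commented out, ignored)
var HOME_NET 203.0.113.10/32
var EXTERNAL_NET any
EOF

report "$sample" 203.0.113.10   # address unchanged
report "$sample" 203.0.113.99   # address after a new DHCP lease
rm -f "$sample"
```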