http://www.winsnort.com


Welcome to the home of WinIDS - Windows Intrusion Detection System!

Thank you for visiting WINSNORT.com


sondagh
Post subject: sfportscan not logging to mysql  PostPosted: May 11, 2008 - 10:00 AM
Joined: May 11, 2008
Posts: 2
I have a W2K3 server setup.
My sfportscan fills up my portscan.log fine.
All other alerts get logged to mysql database.
So far so good.
Except my sfportscans don't fill my mysql database.
In other words the iphdr table gets filled but not with ip_proto=255 entries.

snort.conf (relevant part):
var HOME_NET IP 192.168.233.130
var EXTERNAL_NET !$HOME_NET

output database: log, mysql, user=*** password=*** dbname=snort host=localhost (also tried alert type)

preprocessor sfportscan: \
proto { all } \
scan_type { all } \
memcap { 100000000 } \
logfile { portscan.log } \
sense_level { high }


From my Linux setup I run a:
nmap -v -A snortip

portscan.log gets filled with:
Time: 05/10-21:46:03.059741
event_ref: 0
192.168.233.131 -> 192.168.233.130 (portscan) TCP Portscan
Priority Count: 7
Connection Count: 10
IP Count: 1
Scanner IP Range: 192.168.233.131:192.168.233.131
Port/Proto Count: 10
Port/Proto Range: 21:836

But nothing in the database.
Kinda stuck, help is greatly appreciated.
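When the database side stays empty, the first thing to pin down is exactly which records portscan.log holds so they can be matched against the iphdr rows that should carry ip_proto=255. The parser below is an added example for this thread, not code from the post or from Snort: it splits the blank-line-separated portscan.log records quoted above into dicts and reports which ones have no ip_proto=255 counterpart in a constructed list of (ip_src, ip_dst, ip_proto) tuples standing in for a SELECT from iphdr. The log has no year, so one is assumed; the sample record is constructed in the shape of the post's output.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of the post's portscan.log output (not real traffic).
SAMPLE_LOG = """\
Time: 05/10-21:46:03.059741
event_ref: 0
192.168.233.131 -> 192.168.233.130 (portscan) TCP Portscan
Priority Count: 7
Connection Count: 10
IP Count: 1
Scanner IP Range: 192.168.233.131:192.168.233.131
Port/Proto Count: 10
Port/Proto Range: 21:836
"""

HEADER_RE = re.compile(r"^(?P<src>[\d.]+) -> (?P<dst>[\d.]+) \(portscan\) (?P<desc>.+)$")
INT_FIELDS = ("event_ref", "priority_count", "connection_count", "ip_count", "port_proto_count")
PORTSCAN_PROTO = 255  # ip_proto value the portscan events carry in the iphdr table

def parse_portscan_log(text, year=2008):
    """One dict per blank-line-separated record; the log omits the year, so it is assumed."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        ev = {}
        for line in block.splitlines():
            m = HEADER_RE.match(line)
            if m:  # "src -> dst (portscan) <description>" line
                ev.update(m.groupdict())
                continue
            key, _, val = line.partition(":")  # first ':' only; ranges keep theirs
            ev[re.sub(r"[ /]", "_", key.strip().lower())] = val.strip()
        ev["time"] = datetime.strptime(f"{year}/{ev['time']}", "%Y/%m/%d-%H:%M:%S.%f")
        ev.update({k: int(ev[k]) for k in INT_FIELDS})
        events.append(ev)
    return events

def missing_from_db(events, iphdr_rows):
    """Events with no unused (ip_src, ip_dst, ip_proto=255) row in the constructed iphdr rows."""
    avail = Counter((s, d) for s, d, p in iphdr_rows if p == PORTSCAN_PROTO)
    missing = []
    for ev in events:
        key = (ev["src"], ev["dst"])
        if avail[key] > 0:
            avail[key] -= 1  # one database row accounts for one logged event
        else:
            missing.append(ev)
    return missing
```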
sondagh
Post subject: 2.8.1 only  PostPosted: May 25, 2008 - 11:07 AM
Joined: May 11, 2008
Posts: 2
The problem seems to only occur with version 2.8.1; all other versions work fine.
All times are GMT -5 Hours