jmcclure

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory

10 posts in this topic

Hello,

I am following the "Installing an IIS Web Server Logging events to a MySQL database" guide and I am receiving the following error when testing my conf file:

 

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.

Fatal Error, Quitting..

My Snort configuration file is configured as such:

preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log }

 

Any help would be greatly appreciated!

Thanks!

 


I received the same error using the conf file that you provided.

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.
Fatal Error, Quitting..

 


Make sure there is a log folder in the Snort folder.

This looks odd: ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.

Try this: preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }


Hello,

I do have a log folder in the Snort folder. The log folder is empty. When I use preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low } logfile { portscan.log } it returns this error:

Decoding Ethernet
ERROR: Portscan log file 'log/portscan.log' could not be opened: No such file or directory.
Fatal Error, Quitting..

 

If I disable the portscan by adding the # symbol it returns this error:

Decoding Ethernet
ERROR: C:\mar21_snortbuild\snort-2.9.8.2-335\src\output-plugins\spo_unified2.c(323) Could not open log/merged.log.1465563828: No such file or directory
Fatal Error, Quitting..

Thank you for your help so far! Any ideas on what I need to do?


It appears you have some sort of problem with the log folder (permission, etc...).


I figured it out.....

I think there is a step missing in the install guide "installing an IIS Web Server logging events to a MySQL Database".

When configuring the snort.conf file......

In step #2, line #186 needs to be changed to:

config logdir: d:\winids\snort\log

 

 

 

 

 

 


If Snort is set up correctly, queries to the log folder are defaulted to the Snort folder.
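
A pre-flight check for the failure discussed in this thread, as an added example (not code from the thread or from the install guide): it reads snort.conf text, resolves the log directory against the working directory, and flags a relative logdir, a missing directory, and an sfportscan logfile name with a leading slash. The relative "log" default, the function names and the sample working directory are assumptions.

```python
import os
import re
from pathlib import PureWindowsPath

# Assumption (not stated in the thread): with no "config logdir:" line and no
# -l option, Snort 2.9.x on Windows uses a relative "log" directory, resolved
# against the working directory of the Snort process.
DEFAULT_LOGDIR = "log"

def parse_conf(conf_text):
    """Return (logdir or None, [sfportscan logfile values]); comments are skipped."""
    logdir, logfiles = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"config\s+logdir\s*:\s*(.+)$", line, re.I)
        if m:
            logdir = m.group(1).strip()
        if re.match(r"preprocessor\s+sfportscan\s*:", line):
            m = re.search(r"logfile\s*\{\s*([^}\s]+)\s*\}", line)
            if m:
                logfiles.append(m.group(1))
    return logdir, logfiles

def preflight(conf_text, cwd, dir_exists=os.path.isdir):
    """Return (resolved log directory, list of findings) for a Windows Snort host."""
    logdir, logfiles = parse_conf(conf_text)
    configured = PureWindowsPath(logdir or DEFAULT_LOGDIR)
    resolved = PureWindowsPath(cwd) / configured  # an absolute logdir replaces cwd
    findings = []
    if not configured.is_absolute():
        findings.append(f"logdir '{configured}' is relative; it resolves to {resolved}")
    if not dir_exists(str(resolved)):
        findings.append(f"log directory {resolved} does not exist")
    for name in logfiles:
        if name[0] in "\\/":
            findings.append(f"logfile '{name}' has a leading slash; use a bare file name")
    return str(resolved), findings

if __name__ == "__main__":
    # Constructed input: the sfportscan line from the first post, run from a
    # hypothetical working directory that has no log subfolder.
    conf = ("preprocessor sfportscan: proto { all } memcap { 10000000 } "
            "sense_level { low } logfile { \\portscan.log }\n")
    path, findings = preflight(conf, r"C:\Users\admin", dir_exists=lambda p: False)
    print(path)
    for finding in findings:
        print(" -", finding)
```

On the Snort host itself, call `preflight(open(conf_path).read(), os.getcwd())` from the directory Snort is started in, so the default `os.path.isdir` check runs against the real filesystem.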
