jmcclure, Posted May 27, 2016

Hello, I am following the "Installing an IIS Web Server Logging events to a mysql database" and I am receiving the following error when testing my conf file:

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.
Fatal Error, Quitting..

My snort configuration file is configured as such:

preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log }

Any help would be greatly appreciated! Thanks!

jmcclure (Author), Posted June 8, 2016

I received the same error using the conf file that you provided.

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.
Fatal Error, Quitting..

Morpheus, Posted June 8, 2016

Make sure there is a log folder in the snort folder.

This looks odd:

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.

Try this:

preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }

jmcclure (Author), Posted June 10, 2016

Hello, I do have a log folder in the snort folder. The log folder is empty. When I use

preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }

it returns this error:

Decoding Ethernet
ERROR: Portscan log file 'log/portscan.log' could not be opened: No such file or directory.
Fatal Error, Quitting..

If I disable the portscan by adding the # symbol, it returns this error:

Decoding Ethernet
ERROR: C:\mar21_snortbuild\snort-2.9.8.2-335\src\output-plugins\spo_unified2.c(3 23) Could not open log/merged.log.1465563828: No such file or directory
Fatal Error, Quitting..

Thank you for your help so far! Any ideas on what I need to do?

Morpheus, Posted June 10, 2016

It appears you have some sort of problem with the log folder (permission, etc...).

jmcclure (Author), Posted June 10, 2016

I figured it out... I think there is a step missing in the install guide "installing an IIS Web Server logging events to a MySQL Database". When configuring the snort.conf file, in step #2, line #186 needs to be changed to:

config logdir: d:\winids\snort\log

Morpheus, Posted June 10, 2016

If Snort is set up correctly, queries to the log folder are defaulted to the snort folder.

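A pre-flight check for the failure in this thread, added here as an example (it is not code from the install guide or from any poster). It assumes, from the error messages above, that Snort opens each file at logdir + "/" + name and falls back to a relative "log" directory when snort.conf has no active "config logdir:" line; the function name, the simplified regexes and the sample configs are constructed for illustration.

```python
import ntpath
import os
import re

# Simplified patterns for the three snort.conf directives seen in the thread.
# Lines starting with '#' do not match, so disabled directives are skipped.
LOGDIR = re.compile(r"^[ \t]*config[ \t]+logdir[ \t]*:[ \t]*(\S+)", re.M)
WRITERS = {
    "sfportscan": re.compile(
        r"^[ \t]*preprocessor[ \t]+sfportscan[ \t]*:.*?logfile[ \t]*\{[ \t]*(\S+)[ \t]*\}", re.M),
    "unified2": re.compile(
        r"^[ \t]*output[ \t]+unified2[ \t]*:.*?filename[ \t]+([^\s,]+)", re.M),
}


def check_log_targets(conf_text, start_dir, default_logdir="log"):
    """Return (logdir, logdir_exists, {writer: path}) for a snort.conf."""
    m = LOGDIR.search(conf_text)
    logdir = m.group(1) if m else default_logdir  # assumed default, per the error text
    if not (os.path.isabs(logdir) or ntpath.isabs(logdir)):
        # A relative logdir depends on the directory Snort is started from.
        logdir = os.path.join(start_dir, logdir)
    targets = {}
    for name, pattern in WRITERS.items():
        m = pattern.search(conf_text)
        if m:
            targets[name] = logdir + "/" + m.group(1)  # same join as in the error
    return logdir, os.path.isdir(logdir), targets


# Constructed sample configs (not the guide's real file).
SAMPLE_DEFAULT = """\
preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }
output unified2: filename merged.log, limit 128
"""
SAMPLE_PORTSCAN_OFF = "# " + SAMPLE_DEFAULT  # comments out only the sfportscan line

if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("portscan off", SAMPLE_PORTSCAN_OFF)):
        logdir, ok, targets = check_log_targets(conf, os.getcwd())
        print(label, logdir, "exists" if ok else "MISSING", targets)
```

With the sfportscan line commented out, the unified2 output is still reported against the same directory, which matches the second error in the thread: the failure moves to merged.log until the log directory itself resolves.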