jmcclure, posted May 27, 2016

Hello,

I am following the "Installing an IIS Web Server Logging events to a mysql database" guide and I am receiving the following error when testing my conf file:

    ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.
    Fatal Error, Quitting..

My snort configuration file is configured as such:

    preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log }

Any help would be greatly appreciated! Thanks!

jmcclure (Author), posted May 27, 2016

Here is my snort.conf: snort.conf

jmcclure (Author), posted June 8, 2016

I received the same error using the conf file that you provided.

    ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.
    Fatal Error, Quitting..

Morpheus, posted June 8, 2016

Make sure there is a log folder in the snort folder.

This looks odd:

    ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.

Try this:

    preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }

jmcclure (Author), posted June 10, 2016

Hello,

I do have a log folder in the snort folder. The log folder is empty.

When I use

    preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }

it returns this error:

    Decoding Ethernet
    ERROR: Portscan log file 'log/portscan.log' could not be opened: No such file or directory.
    Fatal Error, Quitting..

If I disable the portscan by adding the # symbol, it returns this error:

    Decoding Ethernet
    ERROR: C:\mar21_snortbuild\snort-2.9.8.2-335\src\output-plugins\spo_unified2.c(323) Could not open log/merged.log.1465563828: No such file or directory
    Fatal Error, Quitting..

Thank you for your help so far! Any ideas on what I need to do?

Morpheus, posted June 10, 2016

It appears you have some sort of problem with the log folder (permission, etc...).

jmcclure (Author), posted June 10, 2016

I figured it out... I think there is a step missing in the install guide "installing an IIS Web Server logging events to a MySQL Database". When configuring the snort.conf file, in step #2, line #186 needs to be changed to

    config logdir: d:\winids\snort\log

Morpheus, posted June 10, 2016

If Snort is set up correctly, queries to the log folder are defaulted to the snort folder.

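Added example, not part of the thread or of the guide it follows: a Python pre-flight check for the failure discussed above, which reads snort.conf text and reports whether the log directory Snort would use can be found from a given start directory. The default directory name "log" is an assumption taken from the paths in the error messages above, the function names are hypothetical, and each directive is assumed to sit on one line.

```python
import ntpath
import os
import re

DEFAULT_LOGDIR = "log"  # assumption: taken from the 'log/...' paths in the thread's errors

def log_settings(conf_text):
    """Return (logdir, portscan_logfile) from snort.conf text, ignoring '#' comments."""
    logdir, logfile = None, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"config\s+logdir\s*:\s*(\S.*)$", line)
        if m:
            logdir = m.group(1).strip()
        if line.startswith("preprocessor sfportscan"):
            m = re.search(r"logfile\s*\{\s*([^}]*?)\s*\}", line)
            if m:
                logfile = m.group(1)
    return logdir, logfile

def preflight(conf_text, start_dir):
    """List problems that would stop the log files being opened when started from start_dir."""
    logdir, logfile = log_settings(conf_text)
    findings = []
    if logdir is None:
        logdir = DEFAULT_LOGDIR
        findings.append("no 'config logdir:' line; log path depends on the start directory")
    # ntpath recognises d:\... style paths even when this check runs on another OS
    is_abs = ntpath.isabs(logdir) or os.path.isabs(logdir)
    resolved = logdir if is_abs else os.path.join(start_dir, logdir)
    if not os.path.isdir(resolved):
        findings.append("log directory not found: " + resolved)
    elif not os.access(resolved, os.W_OK):
        findings.append("log directory not writable: " + resolved)
    if logfile and logfile[0] in "\\/":
        findings.append("sfportscan logfile starts with a separator: " + logfile)
    return findings

if __name__ == "__main__":
    # The sfportscan line from the first post, with no 'config logdir:' set.
    sample = ("preprocessor sfportscan: proto { all } memcap { 10000000 } "
              "sense_level { low } logfile { \\portscan.log }\n")
    for finding in preflight(sample, os.getcwd()):
        print(finding)
```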