PORTSCAN EVENT ERROR: No file was specified i

BASE-user
2007-11-04
2013-06-03
  • boogiebruva

    boogiebruva - 2007-11-04

    Hi. I'm running snort 2.8 on a debian etch box with base, mysql and apache2. When I click on the portscan events link in BASE, I get the following message:

    PORTSCAN EVENT ERROR: No file was specified in the \$portscan_file variable.

    Any ideas what's going wrong and how to correct it?
    Thanx

     
    • Juergen Leising

      Juergen Leising - 2007-11-07

      Hello boogiebruva,

      in base_conf.php you must configure the
      $portscan_file variable according to the
      sfportscan settings in snort.conf, e.g.

      snort.conf:

      preprocessor sfportscan: proto  { all } \                          scan_type { all } \                          sense_level { high } \                          memcap { 4000000 } \ logfile { /var/log/snort/sfportscan.log }

      base_conf.php:

      /* Snort spp_portscan log file */
         $portscan_file = '/var/log/snort/sfportscan.log';

      Make sure your apache2 IS allowed to
      read this file and DOES allow your
      client to read this file.

      Bye, bye

      Juergen

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks