Snort mailing list archives
Re: portscan.log file
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 9 Oct 2002 21:12:06 -0700 (PDT)
On Wed, 9 Oct 2002, Ganu Skop wrote:
Love to hear if anyone has come up with a script that will get portscan.log daily in regard to particular date. With this I could be able to
Upgrade. You're running 1.8.7 or less. In the release of 1.9.0 spp_portscan, which uses portscan.log, was replaced by spp_portscan2 which uses scan.log. Anyway... Make it simple on yourself. grep <DATE> portscan.log | sort -n | uniq That'll give you each IP (listed once) that 'scanned' you during the day. Yes, of course you can get more fancy--But that's the simple way. :) Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- portscan.log file Ganu Skop (Oct 09)
- Re: portscan.log file Erek Adams (Oct 09)
- how to show payload data SW (Oct 10)
- Re: how to show payload data Dragos Ruiu (Oct 10)
- how to show payload data SW (Oct 10)
- Re: portscan.log file Erek Adams (Oct 09)