
About Snort_portscan datasource

iksama

Dear Alienvault,

I am having a problem with the snort plugin.
I am running 2 servers: an IDS server and an OSSIM server. The IDS uses Snort and forwards logs to the OSSIM server. The OSSIM server receives the logs and displays them on the dashboard.
But the problem is that the OSSIM server can't read logs from the Snort preprocessor (specifically, snort_portscan doesn't work), as you can see in image 1.png. There are 2 plugins in the log (122: snort_portscan and 129: snort_stream5), but the dashboard only displays snort_stream5. There's no snort_portscan!?

https://dl.dropboxusercontent.com/u/98578491/1.png
https://dl.dropboxusercontent.com/u/98578491/2.png

How could I fix this?

Thank you so much.


Answers

  • Hi iksama,
    I have the same problem as you.
    Have you found any solution?
    Thanks in advance.
  • Have you upgraded to 4.6.1? I believe there was a problem parsing the unified that was fixed.
  • yorubas said:
    Hi iksama,
    I have the same problem as you.
    Have you found any solution?
    Thanks in advance.
    Hi yorubas, I still don't have any solution for this. I don't know why.
    Have you upgraded to 4.6.1? I believe there was a problem parsing the unified that was fixed.
    I have upgraded to 4.6.1 and nothing happened.
  • I tested with another installation of OSSIM version 4.3.4 and have the same problem: it generates a security event for all the syslog entries except for port scan.
  • Hey! I'm here with the same problem! OSSIM 4.8.0 and 4.9.0! 😐 Seriously, AlienVault?? They don't make OSSEC rules to do parsing on logs with "(portscan)"... D'Oh!
This discussion has been closed.