Old 02-15-2015, 09:34 AM   #1
LQ Newbie
Registered: Feb 2015
Posts: 1

Linux - Snort

Hello everyone. I am attempting to get Snort to recognize a portscan and have an alert pop up on the screen. I have successfully installed and run Snort in multiple types of configurations. I have enabled the sfportscan preprocessor in my snort.conf. Snort is running on Ubuntu and I am running nmap on a Kali box. Can anyone offer any insight on how to configure Snort to have an alert pop up when it detects any type of portscan?

Old 02-15-2015, 11:24 AM   #2
Registered: May 2001
Posts: 29,360
Blog Entries: 55

Originally Posted by whhs41
Hello everyone.
Welcome to LQ, hope you like it here.

Originally Posted by whhs41
I am attempting to get Snort to (..) have an alert pop up on the screen.
First of all please ponder if your request is based on "the Windows mentality" of doing things (have one singing and dancing binary or suite that addresses everything including the proverbial kitchen sink), because this is not what you want in UNIX (please see The UNIX Philosophy).

Secondly, practically speaking, Snort is a daemon and has no concept of Desktop Environments let alone functionality for creating "popups". So what you want is an external process to:
0) efficiently notice (or continuously read) the log file or database was updated, then
1) parse the most recent entries for a "portscan" string, then
2) spawn a detached process to create a notice.

For #0 and #1 you've got the choice between using an inotify-based script that polls / greps logs and log readers that can perform actions themselves (see your distribution's repos, SourceForge, the-now-defunct-site-Formerly-Known-As-Freshmeat, Berlios, GitHub et cetera), and #2 depends on the Desktop Environment you run.
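
The three steps from the reply above, as an added example that is not part of the original thread: a Python watcher that polls the alert file (plain polling is swapped in for inotify to stay within the standard library), matches the "portscan" string, and spawns a detached `notify-send`. The log path, the alert_fast-style line layout, the sample line, and the per-source throttle are assumptions of this example.

```python
import os, re, time
from subprocess import DEVNULL, Popen

ALERT_FILE = "/var/log/snort/alert"  # assumption: alert_fast output path
# Constructed alert_fast-style line (assumed layout), not from a real sensor:
SAMPLE = ("02/15-10:01:02.123456  [**] [122:1:0] (portscan) TCP Portscan [**] "
          "[Priority: 3] {PROTO:255} 192.0.2.10 -> 192.0.2.20\n")
ALERT_RE = re.compile(r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
                      r".*?(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

def follow(path, poll=1.0):
    """Step 0: yield complete lines appended to path; reopen after rotation."""
    fh = open(path, errors="replace")
    fh.seek(0, os.SEEK_END)  # skip history, report only new alerts
    while True:
        pos, line = fh.tell(), fh.readline()
        if line.endswith("\n"):
            yield line
            continue
        fh.seek(pos)  # nothing new, or a half-written line: retry later
        time.sleep(poll)
        try:  # a different inode means logrotate renamed the file under us
            if os.stat(path).st_ino != os.fstat(fh.fileno()).st_ino:
                fh, old = open(path, errors="replace"), fh
                old.close()
        except FileNotFoundError: pass  # rotated away, replacement not there yet

def parse_portscan(line):
    """Step 1: return (msg, src, dst) for a portscan alert, else None."""
    m = ALERT_RE.search(line)
    return m.group("msg", "src", "dst") if m and "portscan" in m["msg"].lower() else None

def should_notify(last_seen, src, now, window=60):
    """One popup per source per window, since a single scan logs many alerts."""
    if now - last_seen.get(src, float("-inf")) < window:
        return False
    last_seen[src] = now
    return True

def notify(msg, src, dst):
    """Step 2: detached notify-send; argv list, so log text never hits a shell."""
    Popen(["notify-send", "-u", "critical", "Snort: " + msg,
           f"from {src} to {dst}"], start_new_session=True,
          stdin=DEVNULL, stdout=DEVNULL, stderr=DEVNULL)

if __name__ == "__main__":
    seen = {}
    for hit in filter(None, map(parse_portscan, follow(ALERT_FILE))):
        if should_notify(seen, hit[1], time.monotonic()):
            notify(*hit)
```

Run it inside the desktop session of a user who can read the alert file, since `notify-send` needs that session's D-Bus to display anything.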


All times are GMT -5.