psad icon indicating copy to clipboard operation
psad copied to clipboard
verified publisher icon mrash

psad have more than once "scan detected" one nmap scan.

Open cscli opened this issue 6 years ago • 1 comments

centos7.5 perl5.26 psad 2.4.5 nmap -T4 -A -v ip; one scan ,then the psad detected more than once "scan detected" in /var/log/syslog

cscli avatar Apr 30 '19 09:04 cscli

The scan log like this, one nmap scan, syslog will hava 68 "scan detected" log: Apr 25 18:28:25 user psad: scan detected ( -sU scan): 192.168.10.81 -> 192.168.1.128 udp: [25000] udp pkts: 8 DL: 4; psad(20153)───psad(20154)───journalctl(20156), psad Started two processes when AUTO_DETECT_JOURNALCTL is "Y"; when I change AUTO_DETECT_JOURNALCTL N; (line 155) ,psad start one psad, there two "scan detected" one nmap scan;

cscli avatar May 05 '19 09:05 cscli