Scp requires a destination location to place the files. You can just use . to use the current directory (or specify an alternate directory). The modified line below should work (not the period at the end).
scp -P 222 [EMAIL PROTECTED]:/var/log/snort/alert . scp -P 222 [EMAIL PROTECTED]:/var/log/snort/* . On Sun, 2003-11-02 at 14:40, Shawn wrote: > been playing with this a little, and was able to get an SSH connection to > the firewall from my server (helps if I use the correct syntax, AND port > number at the same time). So, I was then looking at using SCP to grab the > files in question. I guess I don't know enough about SCP, and the man page > wasn't too clear either. Here's the commands I entered: > > scp -P 222 [EMAIL PROTECTED]:/var/log/snort/alert #alert is a file > scp -P 222 [EMAIL PROTECTED]:/var/log/snort/* > > in both cases I get prompted with the correct usage for SCP. But I thought > this was correct usage (based on the usage prompt).... > > Any suggestions are appreciated. Thanks. > > Shawn > > -----Original Message----- > From: Shawn [mailto:[EMAIL PROTECTED] > Sent: Sunday, November 02, 2003 2:21 PM > To: CLUG (E-mail) > Subject: (clug-talk) SnortSnarf for IPCop on a different computer? > > > I've been playing with Snort on my server over the past week. The downside > is that I can't really tell how well it's working because my IPCop firewall > is blocking everything. This is a good thing! But, I'd like to try running > SnortSnarf to report the attacks on my system. I just tried to export the > intrusion detection logs from IPCop, but I don't think they export to a > format compatible with snort. > > So, I'm looking for ideas on how to get the snort log files on the IPCop box > moved to my server automatically (and peridically through cron), so I can > run SnortSnarf against them. The server doesn't have FTP configured, nor > does the IPCop firewall. Both have SSH configured, but I haven't been too > sucessful at doing an ssh session to the firewall from the server (just > tried, with port 22 and 222). > > Any thoughts or suggestions? Thanks. > > Shawn -- Mike Petch CApp::Sysware Consulting Ltd. Suite 1002,1140-15th Ave SW. Calgary, Alberta, Canada. T2R 1K6. (403)804-5700.
signature.asc
Description: This is a digitally signed message part
