Where are port scan logs?


Do you expect log files on the client or on the server side?

If you expect log files on the client side, you can use the right nmap parameters. Specifics about those can be found in the official manual. One basic example to get you started:

    nmap -A -oN /tmp/output.log rhelserver1

This command will run a port scan on a system called rhelserver1 and save the output in 'normal' format to /tmp/output.log.

If you expect log files on the server side, please have a look at the PSAD tool. This tool detects port scans and is able to report about them. The link is about Ubuntu, but the PSAD tool is available in the RHEL repository and can be installed using yum or dnf.
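
PSAD works by analysing iptables log messages, which a server only writes once a packet-filter LOG rule is in place. As an added example (not part of the original answer and not PSAD's own code), the script below applies the same idea to kernel netfilter LOG lines: it flags any source that touches many distinct destination ports within a short window. The sample lines are constructed, and the `min_ports`, `window` and `year` values are assumptions chosen for illustration, not PSAD defaults.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of kernel netfilter LOG lines (not from the original page).
# 192.0.2.10 probes 40 ports in four seconds; 192.0.2.77 is an ordinary client.
def _line(sec, src, dpt):
    return (f"Sep 18 10:15:{sec:02d} centos7 kernel: IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.20 LEN=44 TTL=64 PROTO=TCP "
            f"SPT=40000 DPT={dpt} WINDOW=1024 SYN URGP=0")

SAMPLE = [_line(i // 10, "192.0.2.10", 20 + i) for i in range(40)]
SAMPLE += [_line(s, "192.0.2.77", 443) for s in (1, 5, 9)]
SAMPLE.append("Sep 18 10:15:07 centos7 sshd[991]: Accepted publickey for ops")

PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*kernel: .*"
    r"SRC=(?P<src>\S+) .*PROTO=(?P<proto>TCP|UDP) .*DPT=(?P<dpt>\d+)")

def detect_scans(lines, min_ports=15, window=timedelta(seconds=60), year=2022):
    """Return {src: distinct_port_count} for sources that touched at least
    min_ports distinct destination ports inside one sliding window.
    Syslog timestamps carry no year, so one is assumed via `year`."""
    events = defaultdict(list)
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue  # not a netfilter LOG record (e.g. the sshd line)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["src"]].append((ts, (m["proto"], int(m["dpt"]))))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged

if __name__ == "__main__":
    for src, n in detect_scans(SAMPLE).items():
        print(f"possible port scan from {src}: {n} distinct ports in window")
```
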


Author: Jeff Schaller


Updated on September 18, 2022

Comments

  • Jeff Schaller, over 1 year

    If I perform port scanning against a standard CentOS-7/RHEL-7 server or desktop, where do I see the logs? I have searched the /var/log directory but did not see any port scan related logs.

    NB: I used # nmap -p 1-65000 target-ip-address

    There is no firewall between Kali Linux (scanner machine) and CentOS-7 server (target machine). The two are connected by a switch, and belong to the same subnet and the same VLAN. I can ping the target machine, and I can see open ports too. But I need the logs. I can't see them on the CentOS server side.