[Snort-users] Snort not logging port scans

Abe Froman abe__froman at ...125...
Sun Dec 28 20:50:02 EST 2003

I ran(from another machine on a different network)
nmap -sS
nmap -O

But the port scan log is empty
# ll /var/log/portscan.log
-rw-r--r--    1 root     root            0 Dec 28 22:22 

even through i added
preprocessor portscan: 5 7 /var/log/portscan.log

# preprocessor flow: stats_interval 0 hash 2
preprocessor portscan: 5 7 /var/log/portscan.log
# frag2: IP defragmentation support

and started snort by running
./snort -de -l ./log

Got any tips?

Get reliable dial-up Internet access now with our limited-time introductory 
offer.  http://join.msn.com/?page=dept/dialup

More information about the Snort-users mailing list