[Snort-users] Going from Preprocessor portscan2 to flow-portscan

Bill Warren bwarren at ...12173...
Wed Aug 4 11:17:06 EDT 2004

With portscan2 when there was a portscan the file 
/var/log/snort/scan.log was created and I would get

01/05-14:08:15.373424  UDP src: dst: 
sport: 202 dport: 105 tgts: 3 ports: 25 event_id: 769354

Now that I switched I don't get that log anymore.  It only updates the 
scan.log.  I have read README.flow-portscan and don't see how to have 
the log updated.  Anybody have any ideas?

I was running 2.0.0 and now I am running 2.1.3 on Linux.



Bill Warren
Optivel, Inc.
E-mail: bwarren at ...12173...
Voice:  317.275.2305
Fax:    317.275.2301
Web:    http://www.optivel.com

More information about the Snort-users mailing list