[Snort-users] PortScan Configuration in snort.conf

Michael Steele michaels at ...9077...
Wed May 19 07:50:08 EDT 2004


It’s still supported. Just copy your old “preprocessor portscan” line from
your old snort.conf to your new snort.conf and restart snort.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides      
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

________________________________________
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Ruiyuan Jiang
Sent: Wednesday, May 19, 2004 5:22 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] PortScan Configuration in snort.conf

Hi, all 
I upgraded my snort from 2.0.5 to 2.1.2 (mysql, php, apache, ACID). After
upgrade, I don't see port scan traffic anymore in "Traffic Profile by
Protocol". I looked at the snort.conf from 2.1.2 distribution and there is
no more portscan.log item anymore. I enabled flow-portscan in snort.conf but
there is definition for the log location. I don't see portscan traffic. Am I
doing something wrong? Thanks.

Ryan Jiang 






More information about the Snort-users mailing list