[Snort-users] PortScan Configuration in snort.conf
michaels at ...9077...
Wed May 19 07:50:08 EDT 2004
Its still supported. Just copy your old preprocessor portscan line from
your old snort.conf to your new snort.conf and restart snort.
WINSNORT.com Management Team Member
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support at ...9077...
Snort: Open Source Network IDS - http://www.snort.org
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Ruiyuan Jiang
Sent: Wednesday, May 19, 2004 5:22 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] PortScan Configuration in snort.conf
I upgraded my snort from 2.0.5 to 2.1.2 (mysql, php, apache, ACID). After
upgrade, I don't see port scan traffic anymore in "Traffic Profile by
Protocol". I looked at the snort.conf from 2.1.2 distribution and there is
no more portscan.log item anymore. I enabled flow-portscan in snort.conf but
there is definition for the log location. I don't see portscan traffic. Am I
doing something wrong? Thanks.
More information about the Snort-users