[Snort-users] PortScan Configuration in snort.conf

Michael Steele michaels at ...9077...
Wed May 19 07:50:08 EDT 2004

It’s still supported. Just copy your old “preprocessor portscan” line from
your old snort.conf to your new snort.conf and restart snort.

Kindest regards,

WINSNORT.com Management Team Member
Pick up your FREE Windows or UNIX Snort installation guides      
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Ruiyuan Jiang
Sent: Wednesday, May 19, 2004 5:22 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] PortScan Configuration in snort.conf

Hi, all 
I upgraded my snort from 2.0.5 to 2.1.2 (mysql, php, apache, ACID). After
upgrade, I don't see port scan traffic anymore in "Traffic Profile by
Protocol". I looked at the snort.conf from 2.1.2 distribution and there is
no more portscan.log item anymore. I enabled flow-portscan in snort.conf but
there is definition for the log location. I don't see portscan traffic. Am I
doing something wrong? Thanks.

Ryan Jiang 

More information about the Snort-users mailing list