[Snort-users] sfPortscan

teknet at ...7692...
Sat Dec 31 03:31:05 EST 2005


I have configured sfPortscan:

preprocessor flow: stats_interval 0 hash 2 
preprocessor sfPortscan: proto{ all }scan_type { all } 
sense_level { high }

but I still do not receive any logs in my log file (and database) while scanning using different nmap techniques.

Do I need to add any special rule to log scanning?
Everything else (normal rules logging) works fine.
Where is my mistake?

2nd question:
Can I set a time window for the port scan detector? (If not, are you going to implement such an option?)

