[Snort-users] sfportscan

Dominic dominic at ...13064...
Mon Feb 21 13:36:35 EST 2005


Hi All,

 

Please can someone point me in the right direction - I have installed snort
2.3.0 and it is working perfectly - except for the portscanning portion. I
have enabled the sfportscanner preprocessor, but the logfile never gets any
data written to it. The alert file logs all the IDS events, but I get no
sfportscans, even if I use nmap to scan the box. My sfportscanner config is
as follows:

 

preprocessor sfportscan: proto  { all } \

                         scan_type { all } \

                         memcap { 10000000 } \

                         sense_level { medium } \

                         logfile { /var/log/snort/portscan.log }

 

Thanks in advance

 

Dominic.

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050221/0d2c59c3/attachment.html>


More information about the Snort-users mailing list