[Snort-users] sfportscan

Martin Roesch roesch at ...1935...
Wed Feb 23 09:26:14 EST 2005


What output module are you running for logging?  I just ran a test here 
with the same settings and nmap'd a box and got a populated 
portscan.log file.

      -Marty

On Feb 21, 2005, at 4:35 PM, Dominic wrote:

> Hi All,
>
> Please can someone point me in the right direction – I have installed
> snort 2.3.0 and it is working perfectly – except for the portscanning
> portion. I have enabled the sfportscanner preprocessor, but the
> logfile never gets any data written to it. The alert file logs all the
> IDS events, but I get no sfportscans, even if I use nmap to scan the
> box. My sfportscanner config is as follows:
>
> preprocessor sfportscan: proto { all } \
>                          scan_type { all } \
>                          memcap { 10000000 } \
>                          sense_level { medium } \
>                          logfile { /var/log/snort/portscan.log }
>
> Thanks in advance
>
> Dominic.
>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




