[Snort-users] sfportscan
Martin Roesch
roesch at ...1935...
Wed Feb 23 09:26:14 EST 2005
What output module are you running for logging? I just ran a test here
with the same settings and nmap'd a box and got a populated
portscan.log file.
-Marty
On Feb 21, 2005, at 4:35 PM, Dominic wrote:
> Hi All,
>
> Please can someone point me in the right direction – I have installed
> snort 2.3.0 and it is working perfectly – except for the portscanning
> portion. I have enabled the sfportscanner preprocessor, but the
> logfile never gets any data written to it. The alert file logs all the
> IDS events, but I get no sfportscans, even if I use nmap to scan the
> box. My sfportscanner config is as follows:
>
> preprocessor sfportscan: proto { all } \
>     scan_type { all } \
>     memcap { 10000000 } \
>     sense_level { medium } \
>     logfile { /var/log/snort/portscan.log }
>
> Thanks in advance
>
> Dominic.
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover. Determine. Defend.
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org