[Snort-users] Snort-2.6.0.2 on FC6 fail to log Nmap TCP portscans.

Daniel saragon at ...5693...
Mon Oct 30 13:47:34 EST 2006


Justin Heath wrote:
> What does you sf_portscan config look like?

Currently, my config looks like this (default):

<snip>
preprocessor sfportscan: proto  { all } \
	memcap { 10000000 } \
	sense_level { low }
</snip>

But, as stated before, I've also tried the following:

<snip>
preprocessor sfportscan: proto  { all } \
	memcap { 10000000 } \
	scan_type { all } \
	logfile { /tmp/portscan.log } \
	sense_level { high }
</snip>

And nothing went into the /tmp/portscan.log.

Best regards /d'.




More information about the Snort-users mailing list