[Snort-users] sfPortscan logfilein 2.9.0

John Forristel john at ...15013...
Tue Oct 19 09:39:48 EDT 2010


I'm having an issue where sfPortscan sends the portscan logs to the
/var/log/snort/alert file and not to the designated /var/log/snort/ps.log
file.  I can't figure out why this is happening.
Here is the snippet of sfportscan code:

preprocessor sfportscan: proto  { all } \
       scan_type { all } \
       memcap { 10000000 } \
       sense_level { medium } \
       logfile { /var/log/snort/ps.log }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101019/fd939e06/attachment.html>


More information about the Snort-users mailing list