Snort-2.1.3 Portscan

["Scott Elgram" <SElgram () verifpoint com>]

Hello,
    I am trying to configure a SNORT 2.1.3 system with MySql and Acid.  I
have it all up and running just fine right now except for one thing.  I
can't seem to get anything to register in the port scan traffic section of
Acid.  I have looked through my Snort.conf for anything and found the
flow-portscan preprocessor.  I uncommented it and configured it as follows:
--------------------------------------------------------
preprocessor flow-portscan: \
unique-memcap 5000000 \
unique-rows 50000 \
server-watchnet [192.168.0.0/24] \
server-learning-time 300 \
server-scanner-limit 50 \
alert-mode once \
output-mode msg \
tcp-penalties on
--------------------------------------------------------

    Even with this configuration I still can't seem to get anything to
register in that particular section.  I am using superscan and scanning
various IP's on the network SNORT is watching.  Have I configured this wrong
maybe?

Thanks,
-Scott




-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users