Snort mailing list archives

Re: sfportscan


From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 23 Feb 2005 12:25:49 -0500

What output module are you running for logging? I just ran a test here with the same settings and nmap'd a box and got a populated portscan.log file.

     -Marty

On Feb 21, 2005, at 4:35 PM, Dominic wrote:

Hi All,

Please can someone point me in the right direction – I have installed snort 2.3.0 and it is working perfectly – except for the portscanning portion. I have enabled the sfportscanner preprocessor, but the logfile never gets any data written to it. The alert file logs all the IDS events, but I get no sfportscans, even if I use nmap to scan the box. My sfportscanner config is as follows:

preprocessor sfportscan: proto { all } \
                         scan_type { all } \
                         memcap { 10000000 } \
                         sense_level { medium } \
                         logfile { /var/log/snort/portscan.log }

Thanks in advance

Dominic.

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


