Snort mailing list archives
Re: sfportscan
From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 23 Feb 2005 12:25:49 -0500
What output module are you running for logging? I just ran a test here with the same settings and nmap'd a box and got a populated portscan.log file.
-Marty

On Feb 21, 2005, at 4:35 PM, Dominic wrote:

Hi All,

Please can someone point me in the right direction – I have installed snort 2.3.0 and it is working perfectly – except for the portscanning portion. I have enabled the sfportscanner preprocessor, but the logfile never gets any data written to it. The alert file logs all the IDS events, but I get no sfportscans, even if I use nmap to scan the box. My sfportscanner config is as follows:

    preprocessor sfportscan: proto { all } \
        scan_type { all } \
        memcap { 10000000 } \
        sense_level { medium } \
        logfile { /var/log/snort/portscan.log }

Thanks in advance
Dominic.

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover. Determine. Defend.
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org