Snort mailing list archives
Re: No alert on base 1.4.5 with sfportscan - snort 2.9.2.2
From: "Michael Steele" <michaels () winsnort com>
Date: Mon, 30 Jul 2012 14:52:49 -0400
Try: preprocessor sfportscan: proto { all } \ scan_type { all } \ memcap { 10000000 } \ sense_type { high } Kindest regards, Michael... WINSNORT.com Management Team Member -- ****************** Established ~ 2001 ******************* * Visit Us @ <http://www.winsnort.com> http://www.winsnort.com * * ~~ FREE WinIDS Snort installation guides ~~ * * ~~ FREE support forums ~~ * * Snort: Open Source Network IDS - <http://www.snort.org> http://www.snort.org * ********************************************************* From: Joel Esler [mailto:jesler () sourcefire com] Sent: Monday, July 30, 2012 12:36 PM To: Dang Le Nam Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 sense_type should not have brackets around the option. On Jul 30, 2012, at 12:03 PM, Dang Le Nam <lenam.cntp () gmail com> wrote: Can you give me a solutions about snort portscan ? I can’t see log port scan on my base and snort error when running I use # Portscan detection. For more information, see README.sfportscan preprocessor sfportscan: proto { all } \ scan_type { all } \ memcap { 10000000 } \ sense_type {high} but when I run snort with options snort –vde –c /etc/snort/snort.conf –l /etc/snort/log –K asciii then 1 bug appear: ERROR: /etc/snort/snort.conf(420) => Invalid option 'sense_type' to portscan preprocessor. Fatal Error, Quitting.. -------------------- Đặng Lê Nam ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. <http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ Snort-users mailing list <mailto:Snort-users () lists sourceforge net> Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users> https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users> http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit <http://blog.snort.org> http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 Dang Le Nam (Jul 30)
- Re: No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 Joel Esler (Jul 30)
- Re: No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 Michael Steele (Jul 30)
- Re: No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 Joel Esler (Jul 30)