Snort mailing list archives
sfPortscan
From: teknet () poczta onet pl
Date: Sat, 31 Dec 2005 12:29:34 +0100
Hello,

I have configured sfPortscan:

    preprocessor flow: stats_interval 0 hash 2
    preprocessor sfPortscan: proto{ all }scan_type { all } sense_level { high }

but I still do not receive any logs in my log file (or database) while scanning using different nmap techniques. Do I need to add any special rule to log scanning? Everything else (normal rules logging) works fine. Where is my mistake?

2nd question: can I set a time window for the port scan detector? (If not, are you going to implement such an option?)

Thanks,
Michal