Snort mailing list archives

sfPortscan


From: teknet () poczta onet pl
Date: Sat, 31 Dec 2005 12:29:34 +0100

Hello

I have configured sfPortscan:

preprocessor flow: stats_interval 0 hash 2 
preprocessor sfPortscan: proto{ all }scan_type { all } 
sense_level { high }

but I still do not receive any logs in my log file (and database) while scanning using different nmap techniques.

Do I need to add any special rule to log scanning?
Everything else (normal rules logging) works fine.
Where is my mistake?

2nd question:
Can I set a time window for the port scan detector? (If not, are you going to implement such an option?)

Thanx
Michal

