Snort mailing list archives

Portscan log file format


From: Joshua Polsky <jpolsky () cymtec com>
Date: Thu, 21 Apr 2011 21:01:49 +0000

I had a question dealing with this particular option in the snort.conf file.

preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { high } scan_type { all }

I am trying to determine if the logging method has changed for the portscans. Currently if I add a log file to this preprocessor, I get this format:

Time: 04/13-15:29:41.660134
event_id: 6042
x.x.x.x -> x.x.x.x(portscan) UDP Filtered Portscan
Priority Count: 0
Connection Count: 200
IP Count: 66
Scanner IP Range:x.x.x.x:x.x.x.x
Port/Proto Count: 32
Port/Proto Range: 137:17500

I was looking up some information about an older preprocessor for portscan just entitled portscan and noticed that it was able to log packets to the portscan.log file as follows:

Mar 25 23:05:46 192.168.100.20:60126 -> 10.10.117.13:751 SYN ******S*

I was wondering if this type of format is still possible, or if I am able to get this similar information from the newer preprocessor. The reason I ask about this is because we have a program that uses the information from the portscan and it was looking for this older format.

Thanks for any help anybody can provide.
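The sfportscan log quoted above is a multi-line, per-event summary (note the Connection Count and IP Count fields), so the per-packet lines of the old portscan.log cannot be recovered from it; a consumer of the new log has to read the block format instead. The following parser is an added example, not code from the post or from Snort, and the sample events it parses are constructed in the quoted layout (the second event's "Scanned IP Range" key and the space before "(portscan)" are assumptions about variants Snort emits, so the parser tolerates both).

```python
import re

# Constructed sample in the post's sfportscan layout (RFC 5737 documentation IPs); a blank line separates events.
SAMPLE_LOG = """\
Time: 04/13-15:29:41.660134
event_id: 6042
192.0.2.10 -> 198.51.100.7(portscan) UDP Filtered Portscan
Priority Count: 0
Connection Count: 200
IP Count: 66
Scanner IP Range:192.0.2.10:192.0.2.75
Port/Proto Count: 32
Port/Proto Range: 137:17500

Time: 04/13-15:31:02.000421
event_id: 6043
192.0.2.44 -> 198.51.100.9 (portscan) TCP Portsweep
Priority Count: 5
Connection Count: 40
IP Count: 12
Scanned IP Range:198.51.100.1:198.51.100.40
Port/Proto Count: 1
Port/Proto Range: 22:22
"""
# "<src> -> <dst>(portscan) <PROTO> <scan type>"; whitespace before "(portscan)" is optional (the post's sample has none).
ARROW = re.compile(r"^(\S+)\s*->\s*(\S+?)\s*\(portscan\)\s*(\S+)\s+(.+)$")
INT_KEYS = {"event_id", "Priority Count", "Connection Count", "IP Count", "Port/Proto Count"}

def parse_event(block: str) -> dict[str, object]:
    """Turn one multi-line sfportscan event into a flat dict."""
    ev: dict[str, object] = {}
    for line in filter(None, map(str.strip, block.splitlines())):
        m = ARROW.match(line)
        if m:
            ev["src"], ev["dst"], ev["proto"], ev["scan_type"] = m.groups()
            continue
        key, _, value = line.partition(":")  # first ':' only; the Time value holds more
        key, value = key.strip(), value.strip()
        if key in INT_KEYS:
            ev[key] = int(value)
        elif key.endswith("Range"):  # "Scanner IP Range:a:b" -> (a, b); IPv4 only
            lo, _, hi = value.partition(":")
            ev[key] = (lo, hi)
        else:
            ev[key] = value  # e.g. Time, kept as the raw MM/DD-HH:MM:SS.usec string
    return ev

def parse_log(text: str) -> list[dict[str, object]]:
    """Split the log on blank lines and parse each event, skipping empty chunks."""
    return [parse_event(b) for b in re.split(r"\n\s*\n", text) if b.strip()]
```

Each returned dict carries the source, destination, protocol and scan type from the arrow line plus every count and range field, which is the information a downstream program would need in place of the old one-packet-per-line records.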
