Snort mailing list archives

@snort.log empty files


From: anagha b <banagha3 () gmail com>
Date: Thu, 31 Oct 2013 17:04:25 +0530

Hi All,

I am facing a problem of empty files [snort.log files are empty] while
detecting portscans.

I tried the following solutions:

1] I added the following rule into the local.rules file

alert icmp any any -> any any (msg:"ICMP test";
classtype:bad-unknown; sid:10000016; rev:1;)



then snort.log is not empty. Barnyard is also giving a bad ICMP traffic
alert if I ping the snort machine from another machine.


2] I want to detect portscan using sfportscan


I set sfportscan in config file as


preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }


I tried to perform an nmap decoy scan from another machine on the snort machine


and then again snort.log is empty. [I removed the rule from local.rules
when I tried the portscan]


How can I see the portscan detection using snort.log if the file is empty?


Help needed.
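Since barnyard is in the picture, snort.log here is presumably a unified2 spool written by Snort's `output unified2` plugin, and sfportscan events are emitted under generator id 122 (e.g. 122:1 for a TCP portscan). A quick way to tell "the scan was never flagged" apart from "nothing was written at all" is to read the spool file directly and count records by generator id. The script below is an added example, not code from the poster or from the Snort project; it assumes the legacy IPv4 `UNIFIED2_IDS_EVENT` (type 7) record layout, and the sample bytes at the bottom are constructed here for demonstration, not captured Snort output.

```python
#!/usr/bin/env python3
"""Summarize a Snort unified2 spool file (e.g. snort.log.<timestamp>):
record counts by type, IDS events by generator id, and the sfportscan
(gid 122) events found. An empty file means Snort wrote no output at all;
a non-empty file without gid 122 records means the scan was not flagged."""
import struct
import sys
from collections import Counter

# Record type values as defined in Snort's Unified2Common.h
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # legacy IPv4 event record, 52-byte body
SFPORTSCAN_GID = 122            # generator id used by the sfportscan preprocessor

_HEADER = struct.Struct("!II")  # record type, body length (network byte order)
# sensor_id, event_id, event_second, event_microsecond, signature_id,
# generator_id, signature_revision, classification_id, priority_id,
# ip_source, ip_destination, sport_itype, dport_icode, protocol,
# impact_flag, impact, blocked
_EVENT = struct.Struct("!11I2H4B")


def iter_records(data: bytes):
    """Yield (type, body) for each complete record; stop at a truncated tail
    (a spool file that Snort is still writing may end mid-record)."""
    off = 0
    while off + _HEADER.size <= len(data):
        rtype, length = _HEADER.unpack_from(data, off)
        off += _HEADER.size
        if off + length > len(data):
            break
        yield rtype, data[off:off + length]
        off += length


def ipv4(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def ip_to_int(s: str) -> int:
    a, b, c, d = (int(x) for x in s.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def parse_event(body: bytes) -> dict:
    f = _EVENT.unpack(body[:_EVENT.size])
    return {"sensor_id": f[0], "event_id": f[1], "event_second": f[2],
            "sid": f[4], "gid": f[5], "rev": f[6], "classification": f[7],
            "priority": f[8], "src": ipv4(f[9]), "dst": ipv4(f[10]),
            "sport": f[11], "dport": f[12], "proto": f[13]}


def summarize(data: bytes) -> dict:
    """Count records by type and IDS events by gid; collect sfportscan events."""
    by_type, by_gid, portscans = Counter(), Counter(), []
    for rtype, body in iter_records(data):
        by_type[rtype] += 1
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= _EVENT.size:
            ev = parse_event(body)
            by_gid[ev["gid"]] += 1
            if ev["gid"] == SFPORTSCAN_GID:
                portscans.append(ev)
    return {"bytes": len(data), "records_by_type": dict(by_type),
            "events_by_gid": dict(by_gid), "portscan_events": portscans}


def make_event(gid, sid, src, dst, sport, dport, proto, second=0) -> bytes:
    """Build one UNIFIED2_IDS_EVENT record (constructed test data, not Snort output)."""
    body = _EVENT.pack(1, 1, second, 0, sid, gid, 1, 0, 3,
                       ip_to_int(src), ip_to_int(dst), sport, dport, proto, 0, 0, 0)
    return _HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


# Constructed sample spool: one hit from the poster's ICMP rule (gid 1,
# sid 10000016), one sfportscan event (gid 122), and one packet record.
SAMPLE = (make_event(1, 10000016, "192.0.2.10", "192.0.2.20", 8, 0, 1)
          + make_event(SFPORTSCAN_GID, 1, "192.0.2.10", "192.0.2.20", 0, 0, 6)
          + _HEADER.pack(UNIFIED2_PACKET, 28 + 4)
          + struct.pack("!7I", 1, 1, 0, 0, 0, 1, 4) + b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    s = summarize(data)
    if s["bytes"] == 0:
        print("file is empty: Snort wrote no unified2 records at all")
    print("records by type:", s["records_by_type"])
    print("events by gid:  ", s["events_by_gid"])
    for ev in s["portscan_events"]:
        print(f"portscan 122:{ev['sid']} {ev['src']} -> {ev['dst']} proto {ev['proto']}")
```

Run it against a real spool with `python3 u2summary.py snort.log.1383217465` (hypothetical file name). A file of zero bytes points at the output side (which `output` lines are active, file permissions, whether Snort is running in the right mode), whereas records with gid 1 but none with gid 122 point at the preprocessor configuration or the sense_level not being tripped by that particular scan.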