sfportscan

["Dominic" <dominic () multilink co za>]

Hi All,

 

Please can someone point me in the right direction - I have installed snort
2.3.0 and it is working perfectly - except for the portscanning portion. I
have enabled the sfportscanner preprocessor, but the logfile never gets any
data written to it. The alert file logs all the IDS events, but I get no
sfportscans, even if I use nmap to scan the box. My sfportscanner config is
as follows:

 

preprocessor sfportscan: proto  { all } \

                         scan_type { all } \

                         memcap { 10000000 } \

                         sense_level { medium } \

                         logfile { /var/log/snort/portscan.log }

 

Thanks in advance

 

Dominic.