RE: PortScan Configuration in snort.conf

["Michael Steele" <michaels () winsnort com>]

It’s still supported. Just copy your old “preprocessor portscan” line from
your old snort.conf to your new snort.conf and restart snort.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides      
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

________________________________________
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ruiyuan Jiang
Sent: Wednesday, May 19, 2004 5:22 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] PortScan Configuration in snort.conf

Hi, all 
I upgraded my snort from 2.0.5 to 2.1.2 (mysql, php, apache, ACID). After
upgrade, I don't see port scan traffic anymore in "Traffic Profile by
Protocol". I looked at the snort.conf from 2.1.2 distribution and there is
no more portscan.log item anymore. I enabled flow-portscan in snort.conf but
there is definition for the log location. I don't see portscan traffic. Am I
doing something wrong? Thanks.

Ryan Jiang 




-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users