i use nmap to test snort
but snort only work when i make this command

nmap -sV 192.168.1.1 the alert that i get is :

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/30-20:18:47.117426 192.168.1.55:58833 -> 192.168.1.1:179
TCP TTL:51 TOS:0x0 ID:64659 IpLen:20 DgmLen:44


if you look at the port from 192.168.1.55 is port is 58833 only heigh ports who come from my pc are record as alert;

when i made commands like -sT and -sY he dint record nothing

how i can configure my snort.conf that will recorded ports scans ?

it seems like some rules work and somenot if i do ping test : ping 192.168.1.1
it make alert

but not for nmap scans

i did this
# preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { high } scan_type { all } logfile { /var/log/snort/alert }


but still nothing work