If I run a portscan against the system using GRC's Shield's Up port scanner, I see that the port scan has been detected in the Intrusion Protection System Log. However, on the Dashboard and on the various reports, the IPS counter shows 0 attacks blocked. Furthermore, I haven't seen any events increment the IPS counter so I have to wonder if it is broken (stuck at 0)?
Portscans are not counted as IPS events. This has a technical reason: IPS events are detected by the Snort engine and have a rule id/group id; they show up in the Reporting->Network Security-> IPS statistics and dashboard, and are written to the ips.log logfile. Portscans are detected by the Packetfilter engine, written to the packetfilter.log logfile, and they are counted up on separate counters.
