Home page logo
/

snort logo Snort mailing list archives

New snort.conf
From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Wed, 29 Dec 2010 16:26:17 -0500

So I finally made the push to start migrating everything to 2.9 in its latest iteration (2.9.0.3) as things have cooled 
down in both of the environments I run (CentOS & Debian).  After compilation I started migrating and found the below 
snippet as a header in my new snort.conf file.  Great information -- Well done guys!

#--------------------------------------------------
#   VRT Rule Packages Snort.conf
#
#   For more information visit us at:
#     http://www.snort.org                   Snort Website
#     http://vrt-sourcefire.blogspot.com/    Sourcefire VRT Blog
#
#     Mailing list Contact:      snort-sigs () lists sourceforge net
#     False Positive reports:    fp () sourcefire com
#     Snort bugs:                bugs () snort org
#
#     Compatible with Snort Versions:
#     VERSIONS : 2.9.0.3
#
#     Snort build options:
#     OPTIONS : --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules 
--enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload 
--enable-react --enable-flexresp3
#--------------------------------------------------

I'm really excited to see the snort build options listed in here, as it shows me what is really going on when I run:
./configure --enable-ipv6 --enable-decoder-preprocessor-rules --enable-sourcefire --enable-targetbased 
--enable-perfprofiling --enable-reload --enable-dynamicplugin

After being puzzled for a minute I went through the configure options and noted that dynamicplugin is enabled by 
default, so I can see why that is left out, so I suppose the -enable-sourcefire turns on the following:
--enable-gre
--enable-mpls
--enable-ppm
--enable-zlib
--enable-active-response
--enable-normalizer
--enable-react
--enable-flexresp3
Is that a correct assessment?

Thanks,
Parker

P.S.  Perhaps consider adding a line in the "For more information visit us at" section pointing to the new Snort Blog?
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]