Snort mailing list archives

Re: help with regular expressions


From: Erek Adams <erek () snort org>
Date: Wed, 2 Apr 2003 11:43:30 -0500 (EST)

On Wed, 2 Apr 2003, Julio E. Gonzalez P. wrote:

> Hi all!
> I just installed snort-2.0.0rc2 and want snort to NOT report any alert
> from host a.a.a.a and host b.b.b.b destined for c.c.c.c port dddd.
>
> Is this correct?:
> /usr/local/bin/snort -D -i eth1 -A fast -N -c
> /usr/local/snort/rules/snort.conf not \( \(src host a.a.a.a or src host
> b.b.b.b\) and dst host c.c.c.c and dst port dddd\)

Yep.  That's what you want.

> It seems OK, it is working now. I just want to verify with you, and want to
> know if it is possible to put that expression
> in the file snort.conf, and how?

No, but you can place it into a file.  Put it in a file and then use:

        snort <options> -F bpf_file

or in snort.conf

        config bpf_file: bpf_file

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

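As an added example (not part of the original message and not code from the Snort project): a small shell function that writes the filter discussed in this thread to a file suitable for `-F` or `config bpf_file`. The function name `make_bpf_filter`, the addresses, the port and the file path are constructed for illustration; the file holds plain parentheses, because the backslashes in the command-line form are only shell escapes.

```shell
#!/bin/sh
# Added example. Addresses/port are constructed placeholders (RFC 5737 range).

# make_bpf_filter DST_HOST DST_PORT SRC_HOST...
# Prints: not ((src host A or src host B ...) and dst host C and dst port D)
# For simplicity this example accepts only digits and dots in host arguments.
make_bpf_filter() {
    dst_host=$1; dst_port=$2
    [ "$#" -ge 3 ] || { echo "usage: make_bpf_filter DST PORT SRC..." >&2; return 1; }
    shift 2
    case $dst_port in
        ''|*[!0-9]*) echo "bad port: $dst_port" >&2; return 1 ;;
    esac
    [ "$dst_port" -ge 1 ] && [ "$dst_port" -le 65535 ] || {
        echo "port out of range: $dst_port" >&2; return 1; }
    srcs=
    for h in "$dst_host" "$@"; do
        case $h in
            ''|*[!0-9.]*) echo "bad host: $h" >&2; return 1 ;;
        esac
    done
    for h in "$@"; do
        # Join the source hosts with "or"; no leading "or" on the first one.
        srcs="${srcs:+$srcs or }src host $h"
    done
    # Plain parentheses: inside the file nothing needs protecting from a shell.
    printf 'not ((%s) and dst host %s and dst port %s)\n' \
        "$srcs" "$dst_host" "$dst_port"
}

# Write the filter file (path is an assumption) and show both ways to load it.
bpf_file="${TMPDIR:-/tmp}/snort-exclude.bpf"
make_bpf_filter 192.0.2.30 8080 192.0.2.10 192.0.2.20 > "$bpf_file"
cat "$bpf_file"
echo "command line:  snort <options> -F $bpf_file"
echo "snort.conf:    config bpf_file: $bpf_file"
```

Packets excluded by the filter never reach Snort, so they are neither alerted on nor logged; traffic in the reverse direction (from c.c.c.c back to the two hosts) does not match the expression and is still inspected.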
