Snort mailing list archives
Re: Is my "snort.conf" OK?
From: Jason Long <hack3rcon () yahoo com>
Date: Mon, 22 Feb 2016 15:40:11 +0000 (UTC)
Thank you. Thus, for each IP, brackets are needed. For example, "ipvar HOME_NET [ip]" is correct but "ipvar HOME_NET ip"
is incorrect.
On Monday, February 22, 2016 7:05 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
You need brackets on each end, but yes, a comma between fields is enough.
Also, I’d rely on the Snort Manual at manual.snort.org, which is kept up to date. Books aren’t.
--
Joel Esler
Manager, Talos Group
On Feb 22, 2016, at 10:33 AM, Jason Long <hack3rcon () yahoo com> wrote:
According to the below, a "," is enough?
http://books.gigatux.nl/mirror/snortids/0596006616/snortids-CHP-5-SECT-1.html
On Monday, February 22, 2016 6:59 PM, Jason Long <hack3rcon () yahoo com> wrote:
Thank you. For two specific DNS addresses, is my syntax correct:
# List of DNS servers on your network
ipvar DNS_SERVERS [XXX.XXX.XXX.XXX,!XXX.XXX.XXX.XXX]
On Monday, February 22, 2016 6:22 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
I believe what you are looking for can be found here:
http://manual.snort.org/node16.html#SECTION00312000000000000000
--
Joel Esler
Manager, Talos Group
On Feb 22, 2016, at 4:31 AM, Jason Long <hack3rcon () yahoo com> wrote:
Hello.
I uploaded my config file here and I'd be thankful if you could look at it:
http://pastebin.ubuntu.com/15169338/
How about the parts below? If I want to define two IP addresses and DNS, must I use "," to separate them?
# Setup the network addresses you are protecting
ipvar HOME_NET XXX.XXX.XXX.XXX
# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET XXX.XXX.XXX.XXX
# List of DNS servers on your network
ipvar DNS_SERVERS XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX
# List of SMTP servers on your network
ipvar SMTP_SERVERS $HOME_NET
# List of web servers on your network
ipvar HTTP_SERVERS XXX.XXX.XXX.XXX
Thank you.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
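Added example, not part of the original thread and not Snort project code: a small pre-flight check for the two points answered above (a comma-separated ipvar list needs enclosing brackets, with commas between entries), plus references to variables that have not been defined yet. The sample config and its documentation-range addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the config in the thread; addresses are
# documentation-range placeholders, not values from the original post.
SAMPLE_CONF = """\
ipvar HOME_NET [192.0.2.0/24,198.51.100.7]
ipvar EXTERNAL_NET !$HOME_NET
ipvar DNS_SERVERS 192.0.2.53,192.0.2.54   # list without brackets
ipvar SMTP_SERVERS $HOME_NET
ipvar HTTP_SERVERS [192.0.2.80,$WEB_DMZ]
ipvar BAD_LIST [192.0.2.1,[192.0.2.2]
"""

IPVAR_RE = re.compile(r"^\s*ipvar\s+(\S+)\s+(.*?)\s*$")

def check_brackets(value):
    """Return a problem string, or None when brackets balance and every comma is inside them."""
    depth, bare_comma = 0, False
    for ch in value:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth < 0:
                return "unbalanced brackets"
        elif ch == "," and depth == 0:
            bare_comma = True  # a list separator outside any [ ... ]
    if depth != 0:
        return "unbalanced brackets"
    return "comma-separated list without enclosing brackets" if bare_comma else None

def lint_ipvars(conf_text):
    """Return (line_number, variable, problem) tuples for the ipvar lines in conf_text."""
    findings, defined = [], set()
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = IPVAR_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        name, value = m.groups()
        problem = check_brackets(value)
        if problem:
            findings.append((lineno, name, problem))
        for ref in re.findall(r"\$(\w+)", value):
            if ref not in defined:  # $NAME must be declared on an earlier line
                findings.append((lineno, name, f"reference to undefined variable ${ref}"))
        defined.add(name)
    return findings

if __name__ == "__main__":
    for lineno, name, problem in lint_ipvars(SAMPLE_CONF):
        print(f"line {lineno}: {name}: {problem}")
```

Snort's own parser remains the authority; running it in test mode (`snort -T -c` followed by the config path) validates the full file.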
Current thread:
- Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Joel Esler (jesler) (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Joel Esler (jesler) (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Joel Esler (jesler) (Feb 22)
