Snort mailing list archives
Re: Lost in the config file
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 27 Jun 2002 00:33:02 -0700 (PDT)
On Wed, 26 Jun 2002, K. A. Steensma wrote:
> This is a very small portion of an old message -
>   -s xxx.xxx.xxx.xxx:xxx *** This works properly ***
>
> I (really) have given the user manual and FAQ a 'pretty good' look and cannot figure out what the 3 numbers after the colon (:) are for. It seems that I have 'skipped' reading a very necessary doc.
Yep, you did. ;-) The code! In the current CVS HEAD branch (1.9dev) at around 1108 you see:

    1108             case 's':  /* log alerts to syslog */
    1109                 pv.syslog_flag = 1;
    1110                 DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Logging alerts to syslog\n"););
    1111                 /* command line alerting option has been specified,
    1112                  * override the alert options in the config file
    1113                  */
    1114                 pv.alert_cmd_override = 1;
    1115 #ifdef WIN32
    1116                 pv.syslog_remote_flag = 1;
    1117                 toks = mSplit(optarg, ":", 2, &num_toks, 0);
    1118                 strncpy(pv.syslog_server, toks[0], STD_BUF-1);
    1119                 pv.syslog_server_port = (num_toks == 1) ? 514 : atoi(toks[1]);
    1120                 DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Logging alerts to syslog server %s on port %d\n",
    1121                                         pv.syslog_server, pv.syslog_server_port););
    1122 #endif
    1123                 break;

Here in line 1117 you can see where you "split" based on a ":". Then you use the second argument as a port number to send to. If there's not a port number, make it be 514 (the standard) [line 1119]

Does that help? :)
> And I'm very mixed up in relating the command line options to the config file. What I mean is; I can add the '-i' command line option to designate the interface to watch, but how would I put this into the config file instead of on the command line?
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.1.3

Or quite simply:

    config interface: xl0
> Am I missing something or is there no 'search' feature in the mailing list archives at Geocrawler? I really feel like a novice (which I really am when it comes to Snort).
Some other archives have already been mentioned, but also check http://marc.theaimsgroup.com/ . Searchable and configurable....

Welcome to our world. Now please step thru the door and we'll start the un-freezing process. ;-) We're all novices about something. C'mon in and enjoy!

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
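An added example, not Snort's code and not part of the original message: the "host[:port]" split with the 514 default described in the reply above, written as a standalone C parser that bounds-checks the host and validates the port with strtol, since atoi cannot report a non-numeric or out-of-range value. The names parse_syslog_target and HOST_BUF are hypothetical, and the buffer size is an assumption (the excerpt uses Snort's STD_BUF).

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define HOST_BUF 256              /* assumed size; the excerpt uses Snort's STD_BUF */
#define DEFAULT_SYSLOG_PORT 514   /* same default as line 1119 of the excerpt */

/* Hypothetical helper (not Snort code): parse "host[:port]".
 * Returns 0 on success, -1 on malformed input. */
int parse_syslog_target(const char *arg, char *host, size_t host_len, int *port)
{
    const char *colon;
    char *end;
    long val;
    size_t n;
    if (arg == NULL || host == NULL || port == NULL)
        return -1;
    colon = strchr(arg, ':');
    n = colon ? (size_t)(colon - arg) : strlen(arg);
    if (n == 0 || n >= host_len)            /* empty host, or host would not fit */
        return -1;
    memcpy(host, arg, n);
    host[n] = '\0';                         /* always NUL-terminated */
    if (colon == NULL) {                    /* no port given: use the default */
        *port = DEFAULT_SYSLOG_PORT;
        return 0;
    }
    if (!isdigit((unsigned char)colon[1]))  /* rejects "", "abc", "-1", " 514" */
        return -1;
    errno = 0;
    val = strtol(colon + 1, &end, 10);
    if (*end != '\0' || errno != 0 || val < 1 || val > 65535)
        return -1;                          /* rejects "51x", "0", "70000" */
    *port = (int)val;
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, not taken from the thread. */
    const char *samples[] = { "192.0.2.10", "192.0.2.10:1514", "192.0.2.10:abc", ":514" };
    char host[HOST_BUF];
    int port;
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (parse_syslog_target(samples[i], host, sizeof host, &port) == 0)
            printf("%s -> host=%s port=%d\n", samples[i], host, port);
        else
            printf("%s -> rejected\n", samples[i]);
    return 0;
}
```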