Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Noob question on snort.conf

From: Erek Adams <erek () snort org>
Date: Sun, 1 Jun 2003 10:20:43 -0400 (EDT)
On Sat, 1 Jun 2002, storm wrote:


Hi everyone. Need a little help with snort.conf editing.
i ucommented the line that says:

#You can specify it explicity as:
#var HOME_NET 10.1.1.0/24

#or use global variable etc etc

and I commented it to:

#var HOME_NET 172.16.0.1/30

Is this all I have to do to set HOME_NET? I notice there were a bunch of
other things you could comment that were related to HOME_NET. Is what I
did enough?


You need to find the line that reads:

        var HOME_NET any

and change it to:

        var HOME_NET <your_ip_range>

Where <your_ip_range> is the network you want to watch.  So if that
network was 172.16.0.1/30 it would be:

        var HOME_NET 172.16.0.1/30

Notice there is no # in front of it.  #'s are comments and the parser
ignores any line that starts with a #.


Also, where it asks you to list the servers on your network like this:
#var HTTP_SERVERS $HOME_NET


Look at that again.  It actually reads:

        var HTTP_SERVERS $HOME_NET

Again, notice no # at the start of the line.


Where do I put the ip of the webserver? I suppose where it says
"HTTP_SERVERS" ?


You could or if your webserver is in your HOME_NET you could just leave it
the way it is.

Be sure and check out the Snort Manual and Snort FAQ.  Quite a bit of
questions like these are answered inside them.  Yes, that means you have
to _READ_ them, since osmosis doesn't work for learning.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: