Snort mailing list archives
Snort inline configuration
From: Ueli Kistler <iuk () gmx ch>
Date: Thu, 10 Apr 2003 15:59:10 +0200
Hello, I'm adding Snort inline configuration support to IDScenter (Snort 1.9.1 Win32; for Snort 2.0 I'm waiting for a manual because there are at least 5 new options that aren't available on the command line, I think? ..)
Some options are only available on the command line though (-C .. ok, that is for a good reason), but some others are not.
Not listed in manual but available:
  -P = snaplen
  -G = "ghetto_msg" // Basic/Url Reference .. strange name but anyway ;)

Not listed in manual AND not available:
  -w // Dump 802.11 control and management frames

Not available and not required in Inline mode:
  -c // config file
  -A // alert mode
  -b // tcpdump
  -s // syslog
  -E // NT Event log

Currently available in Snort 1.9.1 source code:
  order
  alertfile
  classification
  decode_arp
  dump_chars_only
  dump_payload
  disable_decode_alerts
  decode_data_link
  bpf_file
  set_gid
  daemon
  ghetto_msg: basic / url
  reference_net
  interface
  alert_with_interface_name
  logdir
  umask
  pkt_count
  nolog
  obfuscate
  no_promisc
  snaplen
  quiet
  read_bin_file
  chroot
  checksum_mode
  set_uid
  utc
  verbose
  dump_payload_verbose
  show_year
  stateful
  min_ttl
  reference

Regards,
Ueli Kistler
iuk () gmx ch