Snort mailing list archives
help with regular expressions
From: "Julio E. Gonzalez P." <jegp () netvision com py>
Date: Wed, 02 Apr 2003 13:00:33 -0300
Hi all!I just install snort-2.0.0rc2 and want snort to NOT report any alert from hosts a.a.a.a and host b.b.b.b of destiny c.c.c.c port dddd.
Is this correct?:/usr/local/bin/snort -D -i eth1 -A fast -N -c /usr/local/snort/rules/snort.conf not \( \(src host a.a.a.a or src host b.b.b.b\) and dst host c.c.c.c and dst port dddd\)
It seems OK, is working now. Just want to verify with you, and want to know if is possible to put that expression
in the file snort.conf, and how? Thanks! Julio. -------------------------------------------------------This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- new snort.conf Kreimendahl, Chad J (Apr 01)
- <Possible follow-ups>
- RE: new snort.conf Kreimendahl, Chad J (Apr 01)
- help with regular expressions Julio E. Gonzalez P. (Apr 02)
- Re: help with regular expressions Erek Adams (Apr 02)
- (spp_portscan2) lines in alert file Julio E. Gonzalez P. (Apr 03)
- help with regular expressions Julio E. Gonzalez P. (Apr 02)