Snort mailing list archives

Previous By Date Next
Previous By Thread Next

help with regular expressions

From: "Julio E. Gonzalez P." <jegp () netvision com py>
Date: Wed, 02 Apr 2003 13:00:33 -0300
Hi all!
I just install snort-2.0.0rc2 and want snort to NOT report any alert from hosts a.a.a.a and host b.b.b.b of destiny c.c.c.c port dddd. 

Is this correct?:
/usr/local/bin/snort -D -i eth1 -A fast -N -c /usr/local/snort/rules/snort.conf not \( \(src host a.a.a.a or src host b.b.b.b\) and dst host c.c.c.c and dst port dddd\)
It seems OK, is working now. Just want to verify with you, and want to know if is possible to put that expression 
in the file snort.conf, and how?

Thanks!
Julio.




-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server 
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: