RE: home_net and external_net: how to use ! with multiple subnets ?

[Tom Van Overbeke <tvanoverbeke () ccncsi net>]

I'm not sure what happened, but i reviewed my conf, restarted snort, and it
works now.

must have been some stray character somewhere in the snort.conf i think.

Anyway, thanks to all because it works now and the false positives have
significantly dropped, making life a lot easier.


thx,

Tom.



> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net]On Behalf Of
> Erek Adams
> Sent: 22 August 2003 06:58
> To: Tom Van Overbeke
> Cc: 'L. Christopher Luther'; 'Snort-Users (E-mail)'
> Subject: RE: [Snort-users] home_net and external_net: how to
> use ! with
> multiple subnets ?
>
>
> On Thu, 21 Aug 2003, Tom Van Overbeke wrote:
>
> > just for clarification, i have this in my snort.conf:
> >
> >
> > var EXTERNAL_NET !$HOME_NET
> >
> > and in the rules the variable EXTERNAL_NET has a leading $
> everywhere.
> > so maybe my version is too old ? i'm running version
> snort-2.0.0-1.0.10 on
> > redhat advanced server 2.1
>
> Nope...  You're current.
>
> > What version are you guys running ?
>
> Version 2.0.2beta (Build 90) from CVS and Version 2.0.1
> (Build 88) 2.0.1
> release.
>
> Something's wrong in your setup.  If it were something wrong
> with Snort,
> we'd be swamped with email about it.  :)  It's the law of averages.
>
> What does the output of:
>
>       egrep -v '^#|^$' snort.conf
>
> give you?
>
> Cheers!
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a
> single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
> at the same time. Free trial click
> here:http://www.vmware.com/wl/offer/358/0
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

****************************************************************************
Disclaimer: 
This electronic transmission and any files attached to it are strictly 
confidential and intended solely for the addressee. If you are not 
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this 
transmission in error, please notify the sender by return and delete
the transmission.  Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages 
resulting from any virus transmitted. 
Thank You.
****************************************************************************



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users