Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: filters

From: Drew Smith <drew () mutherboard dyndns org>
Date: 11 Feb 2004 23:27:42 -0500
On Wed, 2004-02-11 at 17:15, Matt Kettler wrote:

If you RTFD a bit closer, they suggest that you use 80:8080 not [80:8080].


A bit heavy handed, no? I think I was suggesting that I was not at all
clear on exactly what either the docs or example snort.conf had to say
about it. Since clarified.


Does it work better without the []?


How about it will only work without.  The trouble I was running into was
the mixed use of square brackets for differenet assignments. Hence, my
confusion. Ain't no pin-heads in my family. We kill them at birth.


snort.conf: Port lists must either be continuous [eg 80:8080], or a single 
port [eg 80].


As a matter of reference for the other's who may stumble onto the issue,
I still as yet have gotten it to work "without" spaces, contrary to what
both RTFD'ing and RTF'ing the example conf file imply.


In the two examples above, the [] are part of the text, not the suggested 
config. 


Nor are the "required" spaces.  It's a simple case of needing "this
work's" and "this won't" type of examples. Not that big of a deal
really. 

Really, if it's a simple matter of a little bit better documenting of a
config file versus sending people scouring through god only knows how
many doc files (and in many cases posting here rather than RTFD), why
not do it in the conf file in the first place and save the extra work on
everybody concerned? Myself, I was totally stumped. What I was reading
was taken in context with other items I had already dealt with in the
file. It threw me, and only for a lack of a couple comments.

Trust me, when I first posted about this, the way I was reading things I
had a legitimate beef (IMHO). That said, I'm not beyond taking a couple
of minutes to write up and submit a patch if I think it will help
anybody else in the end. 

Drew
-- 
The only stupid question is the one not asked.



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: