Snort mailing list archives
Re: What's the difference between the shipped snort.conf's?
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 28 Jul 2010 12:52:08 -0400
It's the one I start with personally, so yes. However, any snort.conf should be modified to fit the environment you are applying your IDS to. J On Jul 28, 2010, at 12:39 PM, Jimmy Crackcorn wrote:
Perfect; thanks, Joel. I'm presuming the snort.conf that shipped w/ the VRT rules should be the config file to go with then? Cheers On Wed, Jul 28, 2010 at 09:17, Joel Esler <jesler () sourcefire com> wrote:The below says "--enable-zip" It should be "--enable-zlib" Joel On Jul 28, 2010, at 11:01 AM, Jimmy Crackcorn wrote:I'm finally making the transition from 2.8.5.3 to 2.8.6.1 and am re-vamping my snort.conf but I'm seeing some differences between the snort.conf that ships with 2.8.6.1 and what shipped with the latest VRT release (on the 22nd). I'd used the one included in the ruleset but it doesn't pass a simple test (compiled with --enable-decoder-preprocessor-rules --enable-targetbased --disable-corefile --enable-zip --enable-sourcefire --enable-ipv6): ... Stream5 UDP Policy config: Timeout: 180 seconds ERROR: snort.conf(192) => Invalid keyword 'compress_depth' for 'global' configuration. Fatal Error, Quitting.. The snort.conf that is included with 2.8.6.1 doesn't have compress_depth so I'm just wondering what's the difference between the two config files and which is the best to use as a template?
------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What's the difference between the shipped snort.conf's? Jimmy Crackcorn (Jul 28)
- Re: What's the difference between the shipped snort.conf's? Joel Esler (Jul 28)
- Re: What's the difference between the shipped snort.conf's? Jimmy Crackcorn (Jul 28)
- Re: What's the difference between the shipped snort.conf's? Joel Esler (Jul 28)
- Re: What's the difference between the shipped snort.conf's? Jimmy Crackcorn (Jul 28)
- Re: What's the difference between the shipped snort.conf's? Jun Wan (Jul 28)
- Re: What s the difference between the shipped snort.conf's? waldo kitty (Jul 28)
- Re: What s the difference between the shipped snort.conf's? Jun Wan (Jul 28)
- Re: What s the difference between the shipped snort.conf's? Joel Esler (Jul 29)
- Re: What s the difference between the shipped snort.conf's? Jun Wan (Jul 29)
- correct rule url/IDSPM? John Hally (Jul 30)
- Re: correct rule url/IDSPM? John Hally (Jul 30)
- Re: What s the difference between the shipped snort.conf's? waldo kitty (Jul 28)
- Re: What's the difference between the shipped snort.conf's? Joel Esler (Jul 28)