Snort mailing list archives
Re: configure options for 2.9.4
From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 15 Feb 2013 23:02:26 -0500
On 2/15/2013 12:59, John York wrote:
Hi I'm building an IDS sensor for 2.9.4. Can I save overhead by disabling the IPS portions? I see that the default listed at the top of snort.conf is this: OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3 I'm trying these changes, but they cause make to have errors: --disable-active-response --disable-normalizer --disable-react --disable-flexresp3. It looks like everything works if I remove --disable-flexresp3. What should be the configure options for a non-blocking IDS install?
we don't "remove" anything... we compile snort with the defaults plus maybe adding a few... the difference between IDS and IPS is in how you run it... inline with active blocking of DROP rules is IPS... we simply use everything as is and leave the rules as ALERT rules which are then processed from the resulting logs and then blocks are triggered... ------------------------------------------------------------------------------ The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- configure options for 2.9.4 John York (Feb 15)
- Re: configure options for 2.9.4 Russ Combs (Feb 15)
- Re: configure options for 2.9.4 waldo kitty (Feb 15)