Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort in a Home Network

From: Xander <reg.regedit () gmail com>
Date: Thu, 30 Jul 2015 08:29:12 +0200
2015-07-29 18:54 GMT+02:00 Stephen Gantz <stephen.gantz () faculty umuc edu>:

 Snort preprocessors such as the ones you describe also monitor traffic from your
client computers to external servers. For example, HTTP_Inspect analyzes
network traffic sent and received when you browse a website.


I see. I thought so. I guess what confused me are lines like this one:
" preprocessor http_inspect_server: server default \ .......... "
where, from what I understood, I have to configure my servers, right?

And what about the ipvars at the beginning of snort.conf like this one:
# List of sql servers on your network
ipvar SQL_SERVERS $HOME_NET
I'm guessing I just comment them out like I would do for their related
preprocessor.


To your question about disabling preprocessors, yes, you just need to
comment them out. Make sure you comment out every line for each
preprocessor you want disabled, not just the first lines with the
preprocessor declarations.


Perfect, thank you very much for your answer!

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: