![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Snort in a Home Network
From: Xander <reg.regedit () gmail com>
Date: Thu, 30 Jul 2015 08:29:12 +0200
2015-07-29 18:54 GMT+02:00 Stephen Gantz <stephen.gantz () faculty umuc edu>:
Snort preprocessors such as the ones you describe also monitor traffic from your client computers to external servers. For example, HTTP_Inspect analyzes network traffic sent and received when you browse a website.
I see. I thought so. I guess what confused me are lines like this one: " preprocessor http_inspect_server: server default \ .......... " where, from what I understood, I have to configure my servers, right? And what about the ipvars at the beginning of snort.conf like this one: # List of sql servers on your network ipvar SQL_SERVERS $HOME_NET I'm guessing I just comment them out like I would do for their related preprocessor.
To your question about disabling preprocessors, yes, you just need to comment them out. Make sure you comment out every line for each preprocessor you want disabled, not just the first lines with the preprocessor declarations.
Perfect, thank you very much for your answer! ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort in a Home Network Xander (Jul 29)
- Re: Snort in a Home Network Stephen Gantz (Jul 29)
- Re: Snort in a Home Network Xander (Jul 29)
- Re: Snort in a Home Network Stephen Gantz (Jul 29)