Re: inconsistency docu vs. snort.conf

[Marcin Dulak <marcin.dulak () gmail com>]

Maybe instead the docs could say: "please consult your snort.conf as the
authority about the specific values of the parameters" or something alike.

Marcin

On Wed, Jan 25, 2017 at 2:16 PM, Joel Esler (jesler) <jesler () cisco com>
wrote:

> We can adjust the documentation, but the Snort.conf is updated to stay
> current with threats and counter measures.  The docs sometimes don't keep
> up.
>
> --
> Sent from my iPhone
>
> > On Jan 25, 2017, at 6:38 AM, Felix Erlacher <felix.erlacher () uibk ac at>
> wrote:
> > Hi all,
> >
> > I think I just found an inconsistency between the official documentation
> > and the example snort.conf file.
> > In the current documentation for Snort 2.9.9 (dated November 14)
> > available on the snort.org webpage it says on page 46 for the
> > preprocessor stream5_tcp option "require_3whs" --> "the default is set
> > to off" and for the session grace period of that option "The default is
> > ”0”".
> > But in the sample snort.conf file in the snort 2.9.9.0 tarball as well
> > as the one on the webpage (https://www.snort.org/configurations) the
> > require_3whs option is enabled and the grace period set to 180 seconds.
> >
> > The same holds for the "detect_anomalies" option, docu says default is
> > off, in example snort.conf it is turned on.
> >
> > greetings
> >
> > --
> > Felix Erlacher
> >
> >
> >
> > ------------------------------------------------------------
> ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!