Snort mailing list archives

Limit on variable length?


From: Nare Do Well <naredowell () yahoo com>
Date: Wed, 15 Aug 2001 22:15:48 -0700 (PDT)

Is there a max length for variables declared in
snort.conf? (i.e. var INTERNAL xxx.xxx.xxx.xxx./xx and
so on)

I'm implementing snort on a WAN with 25 separate
sub-nets, with redundant gateways - trying to walk
before running.

Currently using snort 1.7 on RedHat 7.1 (waiting to
see if 1.8.1 will settle down), and it just purrs
along with a slightly modified standard rules tar
ball, and Vision's rules.  (Initially, snort is behind
a backbone router/s, so it can't see all 25 sub-nets.)

When I tested all 25 sub-nets in "var INTERNAL
......",  snort died on start-up.  I then tried adding
the CIDR addresses in, 5 at a time. It worked fine
until the last group broke it. I then substituted
various CIDR IPs in and out, and concluded that 24 was
OK, 25 was not.

Word count - "wc -L /etc/snort/snort.conf" said -

412 for the line length with 25 CIDR IP addresses
395 for the line length with 24 CIDR IP addresses

It runs fine with the line length of 395.  So I
deleted one sub-net from the variable, leaving it at
24.

Is there a size limit on variables?
Or a 400 character limit on line length?
Or a limit on the number of CIDR IP addresses?


