Snort mailing list archives

RE: Quick(noob) question on rules. Role of snort.co nf?

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Wed, 30 Apr 2003 10:57:17 -0400

The snort.conf file is not just for rules -- it's for configuring almost all
aspects of Snort.  Yes, rules can be directly edited into snort.conf, but
typically, the Snort rules are located in various .rules file and are
"include"ed into the snort.conf file.  

HTH,

- Christopher


-----Original Message-----
From: Ryan C. Sebastian [mailto:rsebastian () comcast net]
Sent: Tuesday, April 29, 2003 5:33 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Quick(noob) question on rules. Role of
snort.conf?

From what I've read on the faqs, all the rule sets for IDS mode have to be

made in the snort.conf file?  Is this how many of you are running snort?
Hence the example in the FAQs:

"./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
Where snort.conf is the name of your rules file. This will apply the rules
set in the snort.conf file to each packet to decide if an action based upon
the rule type in the file should be taken."

So does this mean any rules should be made directly to the snort.conf file?
(adding/editing rules etc). Or, the "snort.conf" line can be substituted
with any rule set you have?

I guess I'm confused on what role snort.conf plays in rules.

I tried to read as much as I could before posting this.
Thanks



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: Quick(noob) question on rules. Role of snort.co nf? Bruyere, Michel (Apr 30)
- <Possible follow-ups>
- RE: Quick(noob) question on rules. Role of snort.co nf? L. Christopher Luther (Apr 30)