Snort mailing list archives

RE: Role of snort.conf regarding rules? (noob)

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Wed, 30 Apr 2003 11:04:15 -0400

The snort.conf file is not just for rules -- it's for configuring almost all
aspects of Snort.  Yes, rules can be directly edited into snort.conf, but
typically, the Snort rules are located in various .rules file and are
"include"ed into the snort.conf file.  

HTH,

- Christopher

P.S. If your work e-mail is [rsebastian () comcast net], then the post made it.



-----Original Message-----
From: stormshadow [mailto:storm-shadow () comcast net]
Sent: Wednesday, April 30, 2003 1:37 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Role of snort.conf regarding rules? (noob)


Quick note: I sent this from my work email and I dont think it made it 
to the list. Here it is again:

From what I've read on the faqs, all the rule sets for IDS mode have to

be made in the snort.conf file?  Is this how many of you are running 
snort?  
Hence the example in the FAQs:

"./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
Where snort.conf is the name of your rules file. This will apply the 
rules set in the snort.conf file to each packet to decide if an action 
based upon the rule type in the file should be taken." 

So does this mean any rules should be made directly in the snort.conf 
file? (adding/editing rules etc). Or, can the "snort.conf"  be 
substituted with any rule set you have? 
 (EX: snort -d 172.16.0.9/3 log -c rule_file_here)

I guess I'm confused on what role snort.conf plays in rules.
What exactly should be done to the snort.conf?
Thanks





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Role of snort.conf regarding rules? (noob) stormshadow (Apr 29)
- Re: Role of snort.conf regarding rules? (noob) Erek Adams (Apr 30)
- <Possible follow-ups>
- RE: Role of snort.conf regarding rules? (noob) L. Christopher Luther (Apr 30)