Snort mailing list archives
RE: Noob question on snort.conf
From: "Michael Steele" <michaels () winsnort com>
Date: Sat, 31 May 2003 20:55:26 -0700
You need to read the Snort documentation and take each one at a time. If you have: var HOME_NET 172.16.0.1/30 and remove the hash mark from this next line: var HTTP_SERVERS $HOME_NET The above line will translate with no changes, to: var HTTP_SERVERS 172.16.0.1/30 Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of storm Sent: Saturday, June 01, 2002 7:59 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Noob question on snort.conf Hi everyone. Need a little help with snort.conf editing. i ucommented the line that says: #You can specify it explicity as: #var HOME_NET 10.1.1.0/24 #or use global variable etc etc and I commented it to: #var HOME_NET 172.16.0.1/30 Is this all I have to do to set HOME_NET? I notice there were a bunch of other things you could comment that were related to HOME_NET. Is what I did enough? Also, where it asks you to list the servers on your network like this: #var HTTP_SERVERS $HOME_NET Where do I put the ip of the webserver? I suppose where it says "HTTP_SERVERS" ? TIA guys
Current thread:
- Noob question on snort.conf storm (May 31)
- RE: Noob question on snort.conf Michael Steele (May 31)
- Re: Noob question on snort.conf Erek Adams (Jun 01)
- Re: Noob question on snort.conf John Sage (Jun 07)