RE: Noob question on snort.conf

["Michael Steele" <michaels () winsnort com>]

You need to read the Snort documentation and take each one at a time.

 

If you have:

 

var HOME_NET 172.16.0.1/30

 

and remove the hash mark from this next line:

 

var HTTP_SERVERS $HOME_NET

The above line will translate with no changes, to:

var HTTP_SERVERS 172.16.0.1/30

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician    
 mailto:michaels () winsnort com   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of storm
Sent: Saturday, June 01, 2002 7:59 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Noob question on snort.conf

 

Hi everyone. Need a little help with snort.conf editing.

i ucommented the line that says:

 

#You can specify it explicity as:

#var HOME_NET 10.1.1.0/24

 

#or use global variable etc etc

 

and I commented it to:

 

#var HOME_NET 172.16.0.1/30

 

Is this all I have to do to set HOME_NET? I notice there were a bunch of
other things you could comment that were related to HOME_NET. Is what I did
enough?

 

Also, where it asks you to list the servers on your network like this:
#var HTTP_SERVERS $HOME_NET

 

Where do I put the ip of the webserver? I suppose where it says
"HTTP_SERVERS" ?

 

TIA guys