variable question

["Mike Ellis" <mellis () unctv org>]

Hi,

I am running snort on my network, and am working on fine tuning the
rulebase to eliminate a lot of the false positives that my normal net
traffic generates.  To do so, I have been working with variables.

My EXTERNAL_NET variable looks like this in my snort.conf file:

var EXTERNAL_NET ![$HOME_NET,$NCREN]

I have defined HOME_NET and NCREN prior to establishing the EXTERNAL_NET
variable.  What I want to do is have my EXTERNAL_NET look at all things
except for HOME_NET and NCREN.  Can someone let me know if, as it is
written above, the variable statement should work?

Also, is there a command I can run to see what snort thinks my
EXTERNAL_NET variable is?

Thanks for reading, and for any assitance you can provide.

Sincerely,

Mike Ellis

*************************************
Telecommunications & Security Manager
UNC-TV
(919) 549-7824
mellis () unctv org
www.unctv.org



-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users