Snort mailing list archives

Snort inline configuration


From: Ueli Kistler <iuk () gmx ch>
Date: Thu, 10 Apr 2003 15:59:10 +0200

Hello

I'm adding Snort inline configuration support to IDScenter
(Snort 1.9.1 Win32; for Snort 2.0 I'm waiting for a manual because there are at least 5 new options that aren't available on the command line, I think? ..)

Some options are only available on the command line though (-C .. ok, that is for a good reason), but some others are not.

Not listed in manual but available:
-P = snaplen
-G = "ghetto_msg" // Basic/Url Reference .. strange name but anyway ;)

Not listed in manual AND not available:
-w // Dump 802.11 control and management frames

Not available and not required in Inline mode:
-c  // config file
-A // alert mode
-b // tcpdump
-s // syslog
-E // NT Event log

Currently available in Snort 1.9.1 source code:
order
alertfile
classification
decode_arp
dump_chars_only
dump_payload
disable_decode_alerts
decode_data_link
bpf_file
set_gid
daemon
ghetto_msg: basic / url
reference_net
interface
alert_with_interface_name
logdir
umask
pkt_count
nolog
obfuscate
no_promisc
snaplen
quiet
read_bin_file
chroot
checksum_mode
set_uid
utc
verbose
dump_payload_verbose
show_year
stateful
min_ttl
reference

Regards,
   Ueli Kistler
   iuk () gmx ch
