Question about var SERVICE_PORTS

["Schmehl, Paul L" <pauls () utdallas edu>]

I'm upgrading snort to 2.1.0 (FreeBSD 4.9 RELEASE, built from ports with
flexresp and mysql support), and I've run into a question regarding the
snort.conf file.

In previous versions of snort, I had vars like this:
SERVICE_PORTS xx xx xx xx
E.g var HTTP_PORTS 80 443 8080 8887

IOW, a space separated lists of appropriate ports.

However, in the snort.conf-sample file that came with 2.1.0, in the
comments preceding var HTTP_PORTS, the sample file reads:

# Please note: [80,8080] does not work.
# If you wish to define multiple HTTP ports,
#
## var HTTP_PORTS 80
## include somefile.rules
## var HTTP_PORTS 8080
## include somefile.rules
var HTTP_PORTS 80

Can someone please explain what the above notes mean?  It looks like the
explanation was left out of the sample conf file.  Can we still define
vars for ports as a space-separated list of ports?  Do we need to put
the list in some sort of include file now?  How does this work now?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users