Snort mailing list archives

Documentation!!


From: SN ORT <snort_on_acid () yahoo com>
Date: Wed, 11 Feb 2004 09:21:59 -0800 (PST)

Would it be possible to make the documents with more
complete examples? For instance while (attempting)
tuning the HTTP_INSPECT using the configs in the
README.http_inspect file (being a good Snort-citizen,
I read the document):
I used the config options, trying to figure out if
these all go on the same line or different, trying to
figure out by trial and error if I can use a variable
for the "servers" IP address, such as $HTTP_SERVERS!!
(so now how do I specify more than one?), found out
for myself I have to use the "\" to specify more
options, and then find out there has to be a space
between the last character and the "\", and then
finally find out that I can't even use all of the
options per the error below.

"Invalid token while configuring the profile token. 
The only allowed tokens when configuring profiles are:
'ports', 'iis_unicode_map', 'allow_proxy_use',
'flow_depth', 'no_alerts', 'oversize_dir_length', and
'inspect_uri_only'."

So now I can't use the "bare_byte" or "non_rfc_char"
options along with the rest? What a PAIN!

So forget about using http_inspect and forget about
ANY decoder, turn all of them off. Now I'm just trying
to find out which command shuts off which decoder, I
thought I shut off every possibility after reading the
doc, but, I still get alerts! Grrr.
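
An added example, not part of the original post and not Snort code: a small pre-flight check for the two problems described above, run over a constructed config. The allowed-token list is taken from the error message quoted in the post; the argument shapes, the function names and the sample config are assumptions of this sketch, and the space-before-backslash check follows the poster's report.

```python
import re

# Tokens the error message quoted in the post allows next to "profile".
# Argument counts are assumptions of this sketch; None marks a "{ ... }" list.
PROFILE_TOKENS = {"ports": None, "iis_unicode_map": 2, "allow_proxy_use": 0,
                  "flow_depth": 1, "no_alerts": 0, "oversize_dir_length": 1,
                  "inspect_uri_only": 0}

def logical_lines(text):
    """Join backslash-continued lines; yield (first line no, text, warnings)."""
    buf, warns = [], []
    for no, raw in enumerate(text.splitlines() + [""], 1):  # "" flushes the tail
        line = raw.rstrip()
        if line.endswith("\\"):
            if len(line) > 1 and not line[-2].isspace():
                warns.append(f"line {no}: no space before trailing '\\'")
            buf.append(line[:-1])
            continue
        yield no - len(buf), " ".join(buf + [line]), warns
        buf, warns = [], []

def skip_args(toks, i):
    """Step past a brace list or a yes/no value following an option name."""
    if i < len(toks) and toks[i] == "{":
        return toks.index("}", i) + 1 if "}" in toks[i:] else len(toks)
    return i + 1 if i < len(toks) and toks[i] in ("yes", "no") else i

def lint(text):
    """Report http_inspect_server options that a profile line will reject."""
    findings = []
    for no, line, warns in logical_lines(text):
        m = re.match(r"\s*preprocessor\s+http_inspect_server\s*:(.*)", line)
        if not m:
            continue
        findings += warns
        toks = m.group(1).replace("{", " { ").replace("}", " } ").split()
        i = toks.index("profile") + 2 if "profile" in toks else len(toks)
        while i < len(toks):
            tok, i = toks[i], i + 1
            if tok not in PROFILE_TOKENS:
                findings.append(f"line {no}: '{tok}' not allowed with a profile")
            n = PROFILE_TOKENS.get(tok)  # None: brace list or unknown option
            i = skip_args(toks, i) if n is None else i + n
    return findings

CONSTRUCTED_SAMPLE = """\
preprocessor http_inspect_server: server default \\
    profile all ports { 80 8080 } flow_depth 300\\
    bare_byte yes non_rfc_char { 0x00 }
"""
```

Calling `lint(CONSTRUCTED_SAMPLE)` reports the missing space before the backslash on line 2 and flags `bare_byte` and `non_rfc_char` on the profile line.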
