Snort mailing list archives
Re: filters
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 11 Feb 2004 17:15:42 -0500
At 03:20 PM 2/11/2004, Drew Smith wrote:
I've just recently upgraded to snort-2.1.1-RC1 and over the past few days I've working on getting some of the http stuff worked out. After having done the RTFD thing over and over, I have to ask. It is stated in the default snort.conf that I can't use "var HTTP_PORTS [80,8080]", but I should use [80:8080] instead? I can't do that. If I set up my ports that way, rules that use HTTP_PORTS break.
If you RTFD a bit closer, they suggest that you use 80:8080 not [80:8080]. Does it work better without the []?snort.conf: Port lists must either be continuous [eg 80:8080], or a single port [eg 80].
In the two examples above, the [] are part of the text, not the suggested config.
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- filters Drew Smith (Feb 11)
- Re: filters Matt Kettler (Feb 11)
- Re: filters Drew Smith (Feb 11)
- Re: filters Matt Kettler (Feb 11)