Re: command line options...

[Russ Combs <rcombs () sourcefire com>]

On Thu, Sep 23, 2010 at 9:44 PM, waldo kitty <wkitty42 () windstream net>wrote:

> On 9/23/2010 20:22, Russ Combs wrote:
> > On Thu, Sep 23, 2010 at 5:34 PM, waldo kitty <wkitty42 () windstream net
> > <mailto:wkitty42 () windstream net>> wrote:
> >
> >     On 9/23/2010 16:22, Jefferson, Shawn wrote:
> >      > It's definitely in the config.log in the directory where you ran
> >     configure/make if you still have that around.
> >
> >     yes, actually, i do still have that on the devel box with its
> "unique" build
> >     environment... thanks to you and others who have responded... i was
> hoping that
> >     there was a command line option so that those who get/use
> pre-compiled versions
> >     of snort would have a method of listing them...
> >
> >
> > You can also run:
> >
> > pkg-config --cflags snort
>
> i don't have pkg-config available in my environment...

http://pkgconfig.freedesktop.org/releases/

> > etc.  If snort.pc is in an unusual place, set this:
>
> however, i do have this snort.pc file and was looking at it earlier... i
> can say
> that it is much easier to read in raw format than config.log ;)
>
> so, can you or anyone else say what the defaults are in snort if none of
> the
> "VRT recommended compile options" are used?

./configure --help should hint at which are enabled / disabled.  For
example:

  --enable-ipv6            Enable IPv6 support
  --disable-corefiles      Prevent Snort from generating core files

indicate that ip6 is disabled by default and corefiles are enabled by
default.

However, that being just help text, you are better off examining
configure.log or snort.pc for the definitive answer.

> personally speaking, i think i'd flip VRT's logic and default them to being
> enabled (except for IPv6)... then use "disable-blah" at compile time to
> eliminate them from the binary (if needed) and/or do what it takes to show
> how
> to disable them in the conf file (which i believe is actually shown in the
> newer
> stuff)... i know that some of this is available... however in the
> environment
> i'm working with, while it is running 2.8.6.1, we're still using the
> default
> 2.8.3.1 conf file that was used when this custom distro was built and snort
> was
> included in it... i suspect that this conf file is the one from the snort
> package and not the VRT distributed one... this mainly to avoid overwriting
> the
> one we're using which may have custom entries in it... i know of at least
> two
> that would really cause problems with the system if the conf file were to
> simply
> be overwritten with the one in the rules snapshots...
>
> so, yes, with all of that said, i'm now looking into publishing an updated
> snort.conf for this environment and trying to maintain it and possibly
> newer
> snort versions with my add-on enhancement to this environment...
>
>
>
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America
> contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in
> marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users