Snort mailing list archives
New snort.conf
From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Wed, 29 Dec 2010 16:26:17 -0500
So I finally made the push to start migrating everything to 2.9 in its latest iteration (2.9.0.3) as things have cooled down in both of the environments I run (CentOS & Debian). After compilation I started migrating and found the below snippet as a header in my new snort.conf file. Great information -- Well done guys! #-------------------------------------------------- # VRT Rule Packages Snort.conf # # For more information visit us at: # http://www.snort.org Snort Website # http://vrt-sourcefire.blogspot.com/ Sourcefire VRT Blog # # Mailing list Contact: snort-sigs () lists sourceforge net # False Positive reports: fp () sourcefire com # Snort bugs: bugs () snort org # # Compatible with Snort Versions: # VERSIONS : 2.9.0.3 # # Snort build options: # OPTIONS : --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3 #-------------------------------------------------- I'm really excited to see the snort build options listed in here, as it shows me what is really going on when I run: ./configure --enable-ipv6 --enable-decoder-preprocessor-rules --enable-sourcefire --enable-targetbased --enable-perfprofiling --enable-reload --enable-dynamicplugin After being puzzled for a minute I went through the configure options and noted that dynamicplugin is enabled by default, so I can see why that is left out, so I suppose the -enable-sourcefire turns on the following: --enable-gre --enable-mpls --enable-ppm --enable-zlib --enable-active-response --enable-normalizer --enable-react --enable-flexresp3 Is that a correct assessment? Thanks, Parker P.S. Perhaps consider adding a line in the "For more information visit us at" section pointing to the new Snort Blog?
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New snort.conf Crook, Parker (Dec 29)
- Re: New snort.conf Joel Esler (Dec 29)
- Re: New snort.conf Crook, Parker (Dec 30)
- Re: New snort.conf Joel Esler (Dec 30)
- Re: New snort.conf Crook, Parker (Dec 30)
- Re: New snort.conf Eoin Miller (Dec 29)
- Re: New snort.conf Joel Esler (Dec 29)