Snort mailing list archives

Re: configure options for 2.9.4


From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 15 Feb 2013 13:24:14 -0500

The options that give you errors won't cause overhead if you don't use
them.  And if you aren't inline, you can't use the normalizer.

That said, please send your error output to bugs () sourcefire com and we'll
get that addressed.

Thanks
Russ

On Fri, Feb 15, 2013 at 12:59 PM, John York <YorkJ () brcc edu> wrote:

Hi
I'm building an IDS sensor for 2.9.4.  Can I save overhead by disabling
the IPS portions?  I see that the default listed at the top of snort.conf
is this:
OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm
--enable-perfprofiling --enable-zlib --enable-active-response
--enable-normalizer --enable-reload --enable-react --enable-flexresp3

I'm trying these changes, but they cause make to have errors:
--disable-active-response
--disable-normalizer
--disable-react
--disable-flexresp3.

It looks like everything works if I remove --disable-flexresp3.  What
should be the configure options for a non-blocking IDS install?

Note:  Ubuntu 12.04.1 LTS, with these apt packages:
libpcap0.8-dev
libpcre3-dev
g++
bison
flex
make
zlib1g-dev
daq-2.0.0
libdnet-1.12

thanks
John



------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
