Re: configure options for 2.9.4

[waldo kitty <wkitty42 () windstream net>]

On 2/15/2013 12:59, John York wrote:
> Hi
> I'm building an IDS sensor for 2.9.4.  Can I save overhead by disabling the IPS portions?  I see that the default 
> listed at the top of snort.conf is this:
> OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib 
> --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
>
> I'm trying these changes, but they cause make to have errors:
> --disable-active-response
> --disable-normalizer
> --disable-react
> --disable-flexresp3.
>
> It looks like everything works if I remove --disable-flexresp3.  What should be the configure options for a 
> non-blocking IDS install?

we don't "remove" anything... we compile snort with the defaults plus maybe 
adding a few... the difference between IDS and IPS is in how you run it... 
inline with active blocking of DROP rules is IPS... we simply use everything as 
is and leave the rules as ALERT rules which are then processed from the 
resulting logs and then blocks are triggered...



------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, 
is your hub for all things parallel software development, from weekly thought 
leadership blogs to news, videos, case studies, tutorials, tech docs, 
whitepapers, evaluation guides, and opinion stories. Check out the most 
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!