Re: running snort

[Joel Esler <jesler () sourcefire com>]

On Apr 30, 2013, at 3:43 PM, Balla István <balla.bmf () gmail com> wrote:

> please point to the appropriate chapter in snort manual (long one) where Decoding Ethernet is explained (and how to 
> modify)

"Decoding Ethernet" means "Snort is running now!".  I suggest you add "-D" to your Snort command line to make Snort run 
as a daemon and then deal with the logs it produces.

> **one more thing: is "-h anyiphere" necessary in the line command once I set ipvar HOME_NET variable in snort.conf?

-h is for the command line.  If you are setting HOME_NET in your snort.conf, then no, you don't need it in your command 
line.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!