Snort mailing list archives
Re: Question regarding $HOME_NET
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 25 Jun 2014 13:45:44 +0000
https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md On Jun 25, 2014, at 8:55 AM, Charlie Egan <chas5873 () gmail com> wrote: I believe I tried that already although I was still having issues with it. I'll definitely have another try when I get a chance later and let you know how I get on with it. Cheers! On Wed, Jun 25, 2014 at 1:03 AM, waldo kitty <wkitty42 () windstream net<mailto:wkitty42 () windstream net>> wrote: On 6/24/2014 3:34 PM, Charlie Egan wrote:
Hi guys, I'm having some trouble when it comes to using $HOME_NET & $EXTERNAL_NET in my rule header. In my snort.conf file, I have my settings as; ipvar HOME_NET 192.168.207.0/24<http://192.168.207.0/24> <http://192.168.207.0/24> ipvar EXTERNAL_NET any For some reason though, when I'm using these in my rules, my rules don't work at all. I'm able to use the EXTERNAL_NET option in my rules, although the HOME_NET isn't working whatsoever.
$EXTERNAL_NET is encompassing your $HOME_NET... change it to !$HOME_NET and see
what happens...
--
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org<http://www.snort.org/>
Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Question regarding $HOME_NET Charlie Egan (Jun 24)
- Re: Question regarding $HOME_NET waldo kitty (Jun 24)
- Re: Question regarding $HOME_NET Charlie Egan (Jun 25)
- Re: Question regarding $HOME_NET Joel Esler (jesler) (Jun 25)
- Re: Question regarding $HOME_NET Charlie Egan (Jun 25)
- Re: Question regarding $HOME_NET waldo kitty (Jun 24)