Snort mailing list archives
Re: Is my "snort.conf" OK?
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 22 Feb 2016 15:35:41 +0000
You need brackets on each end, but yes, a comma between fields is enough. Also, I’d rely on the Snort Manual at manual.snort.org<http://manual.snort.org>, which is kept up to date. Books aren’t. -- Joel Esler Manager, Talos Group On Feb 22, 2016, at 10:33 AM, Jason Long <hack3rcon () yahoo com<mailto:hack3rcon () yahoo com>> wrote: According to below, a "," is enough ? http://books.gigatux.nl/mirror/snortids/0596006616/snortids-CHP-5-SECT-1.html On Monday, February 22, 2016 6:59 PM, Jason Long <hack3rcon () yahoo com<mailto:hack3rcon () yahoo com>> wrote: Thank you. For specific two DNS address is my syntax correct : # List of DNS servers on your network ipvar DNS_SERVERS [XXX.XXX.XXX.XXX,!XXX.XXX.XXX.XXX] On Monday, February 22, 2016 6:22 PM, Joel Esler (jesler) <jesler () cisco com<mailto:jesler () cisco com>> wrote: I believe what you are looking for can be found here: http://manual.snort.org/node16.html#SECTION00312000000000000000 -- Joel Esler Manager, Talos Group On Feb 22, 2016, at 4:31 AM, Jason Long <hack3rcon () yahoo com<mailto:hack3rcon () yahoo com>> wrote: Hello. I upload my config file here and I'm thankful if you look at this : http://pastebin.ubuntu.com/15169338/ How about below parts? If I want define two IP addresses and DNS then I must use "," for separate them? # Setup the network addresses you are protecting ipvar HOME_NET XXX.XXX.XXX.XXX # Set up the external network addresses. Leave as "any" in most situations ipvar EXTERNAL_NET XXX.XXX.XXX.XXX # List of DNS servers on your network ipvar DNS_SERVERS XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX # List of SMTP servers on your network ipvar SMTP_SERVERS $HOME_NET # List of web servers on your network ipvar HTTP_SERVERS XXX.XXX.XXX.XXX Thank you. ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Joel Esler (jesler) (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Joel Esler (jesler) (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Jason Long (Feb 22)
- Re: Is my "snort.conf" OK? Joel Esler (jesler) (Feb 22)