Snort mailing list archives

Re: Is my "snort.conf" OK?


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 22 Feb 2016 15:35:41 +0000

You need brackets on each end, but yes, a comma between fields is enough.

Also, I’d rely on the Snort Manual at http://manual.snort.org, which is kept up to date. Books aren’t.


--
Joel Esler
Manager, Talos Group




On Feb 22, 2016, at 10:33 AM, Jason Long <hack3rcon () yahoo com> wrote:

According to the link below, a "," is enough?
http://books.gigatux.nl/mirror/snortids/0596006616/snortids-CHP-5-SECT-1.html


On Monday, February 22, 2016 6:59 PM, Jason Long <hack3rcon () yahoo com> wrote:


Thank you. For two specific DNS addresses, is my syntax correct:

# List of DNS servers on your network
ipvar DNS_SERVERS [XXX.XXX.XXX.XXX,!XXX.XXX.XXX.XXX]


On Monday, February 22, 2016 6:22 PM, Joel Esler (jesler) <jesler () cisco com> wrote:


I believe what you are looking for can be found here:

http://manual.snort.org/node16.html#SECTION00312000000000000000

--
Joel Esler
Manager, Talos Group




On Feb 22, 2016, at 4:31 AM, Jason Long <hack3rcon () yahoo com> wrote:

Hello.
I uploaded my config file here and I'd be thankful if you would look at it:

http://pastebin.ubuntu.com/15169338/


How about the parts below? If I want to define two IP addresses and DNS, then must I use "," to separate them?

# Setup the network addresses you are protecting
ipvar HOME_NET XXX.XXX.XXX.XXX

# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET XXX.XXX.XXX.XXX

# List of DNS servers on your network
ipvar DNS_SERVERS XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX

# List of SMTP servers on your network
ipvar SMTP_SERVERS $HOME_NET

# List of web servers on your network
ipvar HTTP_SERVERS XXX.XXX.XXX.XXX


Thank you.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
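
The rule given at the top of this thread (brackets on each end of a list, a comma between fields) can be checked mechanically before a config is loaded. The following is an added example, not part of the original messages and not Snort's own code: a small Python check for `ipvar` lines. The function names and the sample addresses are constructed for illustration, and the nested and negated list forms it accepts are assumed from the IP list syntax in the Snort manual.

```python
import ipaddress
import re

IPVAR_RE = re.compile(r"^[ \t]*ipvar[ \t]+(\w+)[ \t]+([^#\n]*[^#\s])", re.M)

def split_list(item):
    """Return the elements of item if it is one balanced [ ... ] list, else None."""
    parts, depth = [""], 0
    for i, ch in enumerate(item):
        depth += (ch == "[") - (ch == "]")
        if depth == 0 and i < len(item) - 1:
            return None                      # outer bracket closed too early
        if ch == "," and depth == 1:
            parts.append("")                 # comma at top level of the list
        elif i > 0 and depth >= 1:
            parts[-1] += ch                  # keep nested lists intact
    return parts if depth == 0 else None

def check_value(value):
    """Return the problems found in one ipvar value (empty list means OK)."""
    item = re.sub(r"^!", "", value.strip())  # "!" negates an element or a list
    if item.startswith("[") and (parts := split_list(item)) is not None:
        return [p for part in parts for p in check_value(part)]
    if re.search(r"[,\[\]]", item):
        return ["list must be enclosed in one balanced pair of [ ]"]
    if re.fullmatch(r"any|\$\w+", item):
        return []
    try:
        ipaddress.ip_network(item, strict=False)  # single address or CIDR block
    except ValueError:
        return [f"not an address, CIDR block, 'any' or $variable: {item!r}"]
    return []

def lint(conf_text):
    """Map each ipvar name that has problems to its list of problems."""
    found = {}
    for m in IPVAR_RE.finditer(conf_text):
        if problems := check_value(m.group(2)):
            found[m.group(1)] = problems
    return found

# Constructed sample; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = """\
ipvar HOME_NET 192.0.2.0/24
ipvar DNS_SERVERS 192.0.2.53,192.0.2.54
ipvar DNS_FIXED [192.0.2.53,!192.0.2.54]
ipvar SMTP_SERVERS $HOME_NET
"""
print(lint(SAMPLE))
```

Only the unbracketed `DNS_SERVERS` line is reported; the bracketed form with a negated entry passes.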






