[Snort-devel] Command line override (-A -s -M options)

Jed Pickel jed at ...7...
Wed Aug 8 17:38:59 EDT 2001


The behavior of snort when using the "-A", "-s," or "-M" command line
options is to override output plugins in the users configuration file.
The README file and snort.8 only mentions this for the "-s" option.

rules.c does include the following lines when one of these options is
used:

ErrorMessage("WARNING: command line overrides rules file alert plugin!\n");
ErrorMessage("WARNING: command line overrides rules file log plugin!\n");

Regardless, this issue tends to generate a lot of confusion for users
of output plugins and a lot of support mail.

That being said, would it be feasible to remove the
pv.[alert|log]_command_override checks and have both command line
output options and output plugins -- or would this cause a
complication I am not considering?

* Jed




More information about the Snort-devel mailing list