[Snort-devel] Question regarding config binding configuration option.

Steven Sturges steve.sturges at ...402...
Wed Jul 7 17:07:50 EDT 2010


The main config is the "default", ie, used if packet doesn't
match any of the bound configs.

Think of each config_vlan_x.conf as its own snort.conf with
respect to variables, rules that are enabled, etc.  So, within
each of those, you'd have the necessary preprocessor
configurations and rules for that vlan.

For preprocessors that have memory specific configurations (stream5,
frag3), you specify the memory settings in the base snort.conf,
and then the specific policy targets and "detection" type
configurations for those preprocessors in each of the config_vlan_x.conf
files.

Refer to section 2.10 of the Snort manual...

Cheers.
-steve

On 7/7/2010 4:33 PM, beenph wrote:
> Hello all, i must admit i didin't look at the implementation before
> asking what i am about to ask but
> i am sure someone near the source of the flames will know the anwser.
> 
> Let say i have a main config like this:
> 
> <STUFF I WANT FOR BOTH CONFIG>
> #some static preprocessor config without  dependance to $HOME_NET or
> other variables
> #and other generalities like basic path and stuff
> </STUFF I WANT FOR BOTH CONFIG>
> 
> config binding: config_vlan1.conf vlan 1
> config binding: config_vlan2.conf vlan 2
> 
> <STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION>
> #Specific preprocessor configuration with dependance to $HOME_NET or
> other variables
> #Specific rule files
> </STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION>
> 
> Does the declaration of  variables in the general configuration need
> to be duplicated  (example HOME_NET), or would delaration of
> (HOME_NET) that would be done in each config would propagate
> to <STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION> aka rules.
> 
> I hope i am clear, if not i will try to give a more clear fictious example.
> 
> -elz
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 




More information about the Snort-devel mailing list