[Snort-devel] Question regarding config binding configuration option.

beenph beenph at ...2499...
Wed Jul 7 17:23:17 EDT 2010


Thanks for the quick answer Steven, wanted to confirm my assumptions.


On Wed, Jul 7, 2010 at 5:07 PM, Steven Sturges
<steve.sturges at ...402...> wrote:
> The main config is the "default", ie, used if packet doesn't
> match any of the bound configs.
>
> Think of each config_vlan_x.conf as its own snort.conf with
> respect to variables, rules that are enabled, etc.  So, within
> each of those, you'd have the necessary preprocessor
> configurations and rules for that vlan.
>
> For preprocessors that have memory specific configurations (stream5,
> frag3), you specify the memory settings in the base snort.conf,
> and then the specific policy targets and "detection" type
> configurations for those preprocessors in each of the config_vlan_x.conf
> files.
>
> Refer to section 2.10 of the Snort manual...
>
> Cheers.
> -steve
>
> On 7/7/2010 4:33 PM, beenph wrote:
>> Hello all, i must admit i didin't look at the implementation before
>> asking what i am about to ask but
>> i am sure someone near the source of the flames will know the anwser.
>>
>> Let say i have a main config like this:
>>
>> <STUFF I WANT FOR BOTH CONFIG>
>> #some static preprocessor config without  dependance to $HOME_NET or
>> other variables
>> #and other generalities like basic path and stuff
>> </STUFF I WANT FOR BOTH CONFIG>
>>
>> config binding: config_vlan1.conf vlan 1
>> config binding: config_vlan2.conf vlan 2
>>
>> <STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION>
>> #Specific preprocessor configuration with dependance to $HOME_NET or
>> other variables
>> #Specific rule files
>> </STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION>
>>
>> Does the declaration of  variables in the general configuration need
>> to be duplicated  (example HOME_NET), or would delaration of
>> (HOME_NET) that would be done in each config would propagate
>> to <STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION> aka rules.
>>
>> I hope i am clear, if not i will try to give a more clear fictious example.
>>
>> -elz
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Sprint
>> What will you do first with EVO, the first 4G phone?
>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>




More information about the Snort-devel mailing list