[Snort-users] Using the -h switch (HOME_NET on command line).

Vitaly McLain twistah at ...93...
Tue Aug 1 01:40:49 EDT 2000


Hi,

Thanks for all the help I received on my last question. It did help.

But now I have another question now (and it's late, so I'm probably
overlooking something):

My IP changes everytime I log on to the Net (dynamic IP, PPP link). I wrote
a simple script (as the one on snort.org didn't do what I needed it to do)
which finds my IP and specifies on on the command line when running snort as
myip/32.

My question is, does this OVERRIDE the $HOME_NET variable in the ruleset?
That's what I need it to do. I also need this line to work:
preprocessor portscan: $HOME_NET 3 5 /var/log/snort/portscan.log
I thought that if I specified -h on the command line, the data I provided
would become $HOME_NET. Thus the portscan line would work and so would the
rest of the rules file. This doesn't seem to happen. And so, my biggest
questions are:

1) How can I override/set the $HOME_NET variable for snort on the command
line?
2) If the above doesn't work, can I get snort to execute commands on the
shell through the rules file?
3) What does everyone that has PPP and a dynamic IP use to get snort to
work?

Thanks for your answers,
Vitaly McLain
twistah at ...93...
P.S -- Excuse any stupid grammar mistakes, etc. It's late and I'm kinda
tired :(





More information about the Snort-users mailing list