[Snort-users] using full ip address

Vitaly McLain twistah at ...93...
Wed Oct 11 20:47:55 EDT 2000


> Hi
> What are the ramifications to using
> var HOME_NET

If you are talking about a single IP address, it would be /32, not /24. Or
am I misunderstanding what you are trying to do?

> rather than
> var HOME_NET

Using would mean Snort would only show alerts for that IP
address. Using would mean Snort would log alerts for the
whole 172.18.120.x subnet. Set HOME_NET to monitor whatever you need.

> This goes back to the thread of using
> ifconfig to determine the subnet address.
> to simplify deploying snort.

This is possible through shell scripting. The address_config.sh script at
www.snort.org works great.
You said "subnet address" and I am taking that to mean "IP address", so I
could be misunderstanding you.

Vitaly McLain
twistah at ...93...

More information about the Snort-users mailing list