[Snort-users] -h command line option

Martin Roesch roesch at ...421...
Tue Apr 24 14:29:15 EDT 2001


FYI, the -h option is only useful if you're using the default logging
mechanism.  What it does is tell Snort what your home network is
(nothing at all to do with $HOME_NET) so that when it's creating the
directory structures for the log files, it does so *in terms of*  the
specified network.  When you do this, all logged traffic that comes from
external IP addresses is logged in directories that have the external IP
as the directory name.  

I did this way back when because it was useful to me on my cable modem
monitoring a single IP (i.e. the cable modem).  The default mechanism
isn't something I recommend for heavy usage, so -h has become somewhat
vestigial.

    -Marty

Kevin.Brown at ...1022... wrote:
> 
> Nothing.  If you have HOME_NET specified in the config then you don't need the
> -h option.
> 
> > If I have in snort.conf, for example:
> >
> > var HOME_NET [x.x.x.x/y,z.z.z.z/32]
> >
> > What should I put for the -h parameter for the command line? Or
> > is that parameter not needed anymore?
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list