[Snort-users] Snort logging and the home network

McCammon, Keith Keith.McCammon at ...3497...
Wed Mar 6 12:42:59 EST 2002


$HOME_NET is just a variable that is used within the config/rules files,
mainly .  Don't think of it as a Snort directive, but rather as a simple
time-saver, so that every person who downloads Snort doesn't have to
run/create some silly script to drop x.x.x.x/x into every rule that
applies.

The -h in the command line is the directive that actually tells Snort
which network should be treated like the "target," if you will.

Hope this helps.

Keith

-----Original Message-----
From: Bill McCarty [mailto:bmccarty at ...5196...]
Sent: Wednesday, March 06, 2002 3:01 PM
To: snort users list
Cc: kamesh_rajaram at ...4543...
Subject: [Snort-users] Snort logging and the home network

<snip>
I checked my startup script and found it did not include the -h option.
So, 
as an experiment, I added one specifying the home net, and restarted
snort. 
Bingo! I immediately got the logs that had stopped appearing.

Q: What is the relationship between the HOME_NET variable in snort.conf
and 
the -h switch on the command line? I hope that, by better understanding 
this, I'll know why my configuration ceased working.
</snip>




More information about the Snort-users mailing list