[Snort-users] VAR and IP lists

Subba Rao sailorn at ...261...
Sat Mar 30 05:14:04 EST 2002


Hi

I have declared a variable for a list of addresses that I wanted to ignore.
(The list is much longer than what I have listed here)

var SVCS 10.11.10.11 10.11.10.12 10.11.10.13
var SVCS2 10.11.10.30 10.11.10.40 10.11.10.50

Snort starts up fine without complaining. It does however miss some of these
IP addresses
in the rules.

What is the correct syntax for declaring variables with list of IP
addresses? I used the
example from Snort manual.

What is the limit of IP addresses that can be assigned to a variable? I had
to chop the IP addresses after 70 and create a new variable. (I was trying
to assign 300 IP addresses to a variable and Snort did not like that.) I did
not look for the IP address threshold for the variable but randomly picked
70 as the limit.

Thank you in advance.

Subba Rao
sailorn at ...261...





More information about the Snort-users mailing list