[Snort-users] help with regular expressions
Julio E. Gonzalez P.
jegp at ...8756...
Wed Apr 2 08:03:31 EST 2003
I just install snort-2.0.0rc2 and want snort to NOT report any alert
from hosts a.a.a.a and host b.b.b.b of destiny c.c.c.c port dddd.
Is this correct?:
/usr/local/bin/snort -D -i eth1 -A fast -N -c
/usr/local/snort/rules/snort.conf not \( \(src host a.a.a.a or src host
b.b.b.b\) and dst host c.c.c.c and dst port dddd\)
It seems OK, is working now. Just want to verify with you, and want to
know if is possible to put that expression
in the file snort.conf, and how?
More information about the Snort-users