[Snort-users] help with regular expressions
erek at ...950...
Wed Apr 2 08:50:43 EST 2003
On Wed, 2 Apr 2003, Julio E. Gonzalez P. wrote:
> Hi all!
> I just install snort-2.0.0rc2 and want snort to NOT report any alert
> from hosts a.a.a.a and host b.b.b.b of destiny c.c.c.c port dddd.
> Is this correct?:
> /usr/local/bin/snort -D -i eth1 -A fast -N -c
> /usr/local/snort/rules/snort.conf not \( \(src host a.a.a.a or src host
> b.b.b.b\) and dst host c.c.c.c and dst port dddd\)
Yep. That's what you want.
> It seems OK, is working now. Just want to verify with you, and want to
> know if is possible to put that expression
> in the file snort.conf, and how?
No, but you can place it into a file. Put it in a file and then use:
snort <options> -F bpf_file
or in snort.conf
config bpf_file: bpf_file
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users