[Snort-users] Snort inline configuration

Ueli Kistler iuk at ...1171...
Thu Apr 10 07:00:22 EDT 2003


Hello

I'm adding Snort inline configuration support to IDScenter
(Snort 1.9.1 Win32, for Snort 2.0 I'm waiting for a manual because
there are at least 5 new options that aren't available in command-line I
think? ..)

Some options are only available on command-line though (-C .. ok that is
for a good reason), but some others are not.

Not listed in manual but available:
-P = snaplen
-G = "ghetto_msg" // Basic/Url Reference .. strange name but anyway ;)

Not listed in manual AND not available:
-w  // Dump 802.11 control and management frames 

Not available and not required in Inline mode:
-c  // config file
-A // alert mode
-b // tcpdump
-s // syslog
-E // NT Event log

Currently available in Snort 1.9.1 source code:
order
alertfile
classification
decode_arp
dump_chars_only
dump_payload
disable_decode_alerts
decode_data_link
bpf_file
set_gid
daemon
ghetto_msg: basic / url
reference_net
interface
alert_with_interface_name
logdir
umask
pkt_count
nolog
obfuscate
no_promisc
snaplen
quiet
read_bin_file
chroot
checksum_mode
set_uid
utc
verbose
dump_payload_verbose
show_year
stateful
min_ttl
reference

Regards,
    Ueli Kistler
    iuk at ...1171...
