[Snort-users] Noob question on snort.conf

Erek Adams erek at ...950...
Sun Jun 1 07:22:03 EDT 2003

On Sat, 1 Jun 2002, storm wrote:

> Hi everyone. Need a little help with snort.conf editing.
> I uncommented the line that says:
> #You can specify it explicity as:
> #var HOME_NET
> #or use global variable etc etc
> and I commented it to:
> #var HOME_NET
> Is this all I have to do to set HOME_NET? I notice there were a bunch of
> other things you could comment that were related to HOME_NET. Is what I
> did enough?

You need to find the line that reads:

	var HOME_NET any

and change it to:

	var HOME_NET <your_ip_range>

Where <your_ip_range> is the network you want to watch.  So if that
network was it would be:


Notice there is no # in front of it.  #'s are comments and the parser
ignores any line that starts with a #.

> Also, where it asks you to list the servers on your network like this:

Look at that again.  It actually reads:


Again, notice no # at the start of the line.

> Where do I put the ip of the webserver? I suppose where it says

You could or if your webserver is in your HOME_NET you could just leave it
the way it is.

Be sure and check out the Snort Manual and Snort FAQ.  Quite a bit of
questions like these are answered inside them.  Yes, that means you have
to _READ_ them, since osmosis doesn't work for learning.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
