[Snort-users] variable question

Mike Ellis mellis at ...6912...
Tue Jun 10 07:07:05 EDT 2003


I am running snort on my network, and am working on fine tuning the
rulebase to eliminate a lot of the false positives that my normal net
traffic generates.  To do so, I have been working with variables.

My EXTERNAL_NET variable looks like this in my snort.conf file:


I have defined HOME_NET and NCREN prior to establishing the EXTERNAL_NET
variable.  What I want to do is have my EXTERNAL_NET look at all things
except for HOME_NET and NCREN.  Can someone let me know if, as it is
written above, the variable statement should work?

Also, is there a command I can run to see what snort thinks my
EXTERNAL_NET variable is?

Thanks for reading, and for any assitance you can provide.


Mike Ellis

Telecommunications & Security Manager
(919) 549-7824
mellis at ...6912...

More information about the Snort-users mailing list