[Snort-users] Snort 2.0 rc1 available

McLaughlin, Andrew Andrew.McLaughlin at ...9580...
Sun Jun 29 22:31:17 EDT 2003


Apologies as this is not strictly snort related - however when using
snortcenter - what is the most effective way to enter config: commands
(as manually modifying the snort.conf file does not work very well - see
below)  Obvioiusly it can't be entered via any of the "Config Types" or
"Rules" menus so I am at a loss...unless there is anoother way??

After I manually edit snort.eth0.conf or snort.eth0.conf.good the
config: commands are always overwritten when I do a push with updated
snort.conf file...

I am essentially trying to remove the T/TCP alerts via snortcenter.

Running....
-*> Snort! <*-
Version 2.0.0 (Build 72)
Snortcenter v0.9.6
RH9, ACID, MySQL

Thanks,
Andy.



-----Original Message-----
From: Chris Green [mailto:cmg at ...1935...] 
Sent: Monday, 31 March 2003 11:56 PM
To: Slighter, Tim; Snort Users List
Subject: Re: [Snort-users] Snort 2.0 rc1 available


"Slighter, Tim" <tslighter at ...5174...> writes:

> One particular issue I have seen with this new release is that the 
> "config" option in snort.conf do not seem to work.

remove the colons. Was already corrected in CVS.
>
> # Configure the snort decoder:
> # ============================
> #
> # Stop generic decode events:
> #
> # config: disable_decode_alerts
> #
> # Stop Alerts on experimental TCP options
> #
> # config: disable_tcpopt_experimental_alerts
> #
> # Stop Alerts on obsolete TCP options
> #
> # config: disable_tcpopt_obsolete_alerts
> #
> # Stop Alerts on T/TCP alerts
> #
> # config: disable_ttcp_alerts
> #
> # Stop Alerts on all other TCPOption type events:
> #
> # config: disable_tcpopt_alerts
> #
> # Stop Alerts on invalid ip options
> # config: disable_ipopt_alerts
>
> -----Original Message-----
> From: Bennett Todd [mailto:bet at ...6163...]
> Sent: Thursday, March 27, 2003 10:35 AM
> To: snort-users at lists.sourceforge.net; 
> snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort 2.0 rc1 available
>
>
> Excellent, terrific.
>
> So far the only compat problem I've turned up (relative to 1.9.x) is 
> the fix to broken "-s" processing on the cmdline.
>
> -Bennett
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by:
> The Definitive IT and Networking Event. Be There!
> NetWorld+Interop Las Vegas 2003 -- Register today!
> http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe: 
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: 
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Chris Green <cmg at ...1935...>
You now have 14 minutes to reach minimum safe distance.


-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list