[Snort-users] Documentation!!

SN ORT snort_on_acid at ...131...
Wed Feb 11 09:23:08 EST 2004


Would it be possible to make the documents with more
complete examples. For instance while (attempting)
tuning the HTTP_INSPECT using the configs in the
README.http_inspect file (being a good Snort-citizen,
I read the document):
I used the config options, trying to figure out if
these all go on the same line or different, trying to
figure out by trial and error if I can use a variable
for the "servers" IP address, such as $HTTP_SERVERS!!
(so now how do I specify more than one?), found out
for myself I have to use the "\" to specify more
options, and then find out there has to be a space
between the last character and the "\", and then
finally find out that I can't even use all of the
options per the error below.

"Invalid token while configuring the profile token. 
The only allowed tokens when configuring profiles are:
'ports', 'iis_unicode_map', 'allow_proxy_use',
'flow_depth', 'no_alerts', 'oversize_dir_length', and
'inspect_uri_only'."

So now I can't use the "bare_byte or non_rfc_Char
options along with the rest? What a PAIN!

SO forget about using http_inspect and forget about
ANY decoder, turn all of them off. Now I'm just trying
to find out which command shuts off which decoder, I
thought I shut off every possibility after readin gthe
doc, but, I still get alerts! Grrr.

__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html




More information about the Snort-users mailing list