drew at ...11193...
Wed Feb 11 12:22:04 EST 2004
Greetings to the list. Newbie to the list onboard.
I've just recently upgraded to snort-2.1.1-RC1 and over the past few
days I've been working on getting some of the http stuff worked out. After
having done the RTFD thing over and over, I have to ask. It is stated in
the default snort.conf that I can't use "var HTTP_PORTS [80,8080]", but
I should use [80:8080] instead? I can't do that. If I set up my ports
that way, rules that use HTTP_PORTS break. scan.rules barfs on doing a
I have found however that by using "var HTTP_PORTS 80: 443: 8007" it
doesn't complain and "var HTTP_PORTS 80: 443: 8007" seems to work as
well. Or does it? I'm not so sure it is actually getting the other ports
however. I'm pretty much certain that using the  in the assignment
doesn't want to work, not with 1 port defined or several. Is there any
easy way to figure out exactly what HTTP_PORTS is defined to?
-- there comes a time in the trial and error process that one must give
in and RTFD. And when that fails, ask.