mkettler at ...4108...
Wed Feb 11 14:14:03 EST 2004
At 03:20 PM 2/11/2004, Drew Smith wrote:
>I've just recently upgraded to snort-2.1.1-RC1 and over the past few
>days I've working on getting some of the http stuff worked out. After
>having done the RTFD thing over and over, I have to ask. It is stated in
>the default snort.conf that I can't use "var HTTP_PORTS [80,8080]", but
>I should use [80:8080] instead? I can't do that. If I set up my ports
>that way, rules that use HTTP_PORTS break.
If you RTFD a bit closer, they suggest that you use 80:8080 not [80:8080].
Does it work better without the ?
snort.conf: Port lists must either be continuous [eg 80:8080], or a single
port [eg 80].
In the two examples above, the  are part of the text, not the suggested
More information about the Snort-users