[Snort-users] RE:The System works !! one question please !

Juan B juanbabi at ...131...
Mon Sep 20 23:43:02 EDT 2004


The problem if I use cidr is that in the range there
will be ip's that they don’t have http servers on tham
.

What will be the result of that ?

I am trying to reduce false positives...

I received another replay from Alex.Butcher he is
offering the folowing :

It looks like Snort's configuration file parser has a
maximum line length of 1024 characters (defined by
STD_BUF in src/snort.h). To (try to) change this,
you'll need to modify that definition in snort.h and
rebuild.

Alternatively, a workaround would be to define two or
more variables, and duplicate the signatures that use
HTTP_SERVERS.


I am afraid to compile again... after so much work it
took me to start it working...

What u soggest ?

Thanks !!

I am reading the book of jack koziol.




	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 




More information about the Snort-users mailing list