[Snort-users] command line options...
wkitty42 at ...14940...
Thu Sep 23 21:44:31 EDT 2010
On 9/23/2010 20:22, Russ Combs wrote:
> On Thu, Sep 23, 2010 at 5:34 PM, waldo kitty <wkitty42 at ...14940...
> <mailto:wkitty42 at ...14940...>> wrote:
> On 9/23/2010 16:22, Jefferson, Shawn wrote:
> > It's definitely in the config.log in the directory where you ran
> configure/make if you still have that around.
> yes, actually, i do still have that on the devel box with its "unique" build
> environment... thanks to you and others who have responded... i was hoping that
> there was a command line option so that those who get/use pre-compiled versions
> of snort would have a method of listing them...
> You can also run:
> pkg-config --cflags snort
i don't have pkg-config available in my environment...
> etc. If snort.pc is in an unusual place, set this:
however, i do have this snort.pc file and was looking at it earlier... i can say
that it is much easier to read in raw format than config.log ;)
so, can you or anyone else say what the defaults are in snort if none of the
"VRT recommended compile options" are used?
personally speaking, i think i'd flip VRT's logic and default them to being
enabled (except for IPv6)... then use "disable-blah" at compile time to
eliminate them from the binary (if needed) and/or do what it takes to show how
to disable them in the conf file (which i believe is actually shown in the newer
stuff)... i know that some of this is available... however in the environment
i'm working with, while it is running 18.104.22.168, we're still using the default
22.214.171.124 conf file that was used when this custom distro was built and snort was
included in it... i suspect that this conf file is the one from the snort
package and not the VRT distributed one... this mainly to avoid overwriting the
one we're using which may have custom entries in it... i know of at least two
that would really cause problems with the system if the conf file were to simply
be overwritten with the one in the rules snapshots...
so, yes, with all of that said, i'm now looking into publishing an updated
snort.conf for this environment and trying to maintain it and possibly newer
snort versions with my add-on enhancement to this environment...
More information about the Snort-users