[Snort-users] command line options...

waldo kitty wkitty42 at ...14940...
Thu Sep 23 21:44:31 EDT 2010


On 9/23/2010 20:22, Russ Combs wrote:
>
>
> On Thu, Sep 23, 2010 at 5:34 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>
>     On 9/23/2010 16:22, Jefferson, Shawn wrote:
>      > It's definitely in the config.log in the directory where you ran
>      > configure/make if you still have that around.
>
>     yes, actually, i do still have that on the devel box with its "unique" build
>     environment... thanks to you and others who have responded... i was hoping that
>     there was a command line option so that those who get/use pre-compiled versions
>     of snort would have a method of listing them...
>
>
> You can also run:
>
> pkg-config --cflags snort

i don't have pkg-config available in my environment...

> etc.  If snort.pc is in an unusual place, set this:

however, i do have this snort.pc file and was looking at it earlier... i can say 
that it is much easier to read in raw format than config.log ;)

so, can you or anyone else say what the defaults are in snort if none of the 
"VRT recommended compile options" are used?

personally speaking, i think i'd flip VRT's logic and default them to being 
enabled (except for IPv6)... then use "disable-blah" at compile time to 
eliminate them from the binary (if needed) and/or do what it takes to show how 
to disable them in the conf file (which i believe is actually shown in the newer 
stuff)... i know that some of this is available... however in the environment 
i'm working with, while it is running 2.8.6.1, we're still using the default 
2.8.3.1 conf file that was used when this custom distro was built and snort was 
included in it... i suspect that this conf file is the one from the snort 
package and not the VRT distributed one... this mainly to avoid overwriting the 
one we're using which may have custom entries in it... i know of at least two 
that would really cause problems with the system if the conf file were to simply 
be overwritten with the one in the rules snapshots...

so, yes, with all of that said, i'm now looking into publishing an updated 
snort.conf for this environment and trying to maintain it and possibly newer 
snort versions with my add-on enhancement to this environment...
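
Added example, not part of the original message or the Snort project: one way to read the compile-time defines out of snort.pc when pkg-config is not installed, as in the situation described above. The helper names `pc_field` and `pc_defines` and the sample file contents are constructed for illustration, and it assumes the build options appear as `-D` switches on the `Cflags:` line.

```shell
#!/bin/sh
# pc_field FILE FIELD: print one keyword field (e.g. Cflags) from a
# pkg-config .pc file, with ${var} references expanded.
pc_field() {
    awk -v want="$2" '
    function expand(s,   name, guard) {
        # Replace each ${name} with its value; undefined names become empty.
        while (match(s, /[$][{][^}]+[}]/) && guard++ < 50) {
            name = substr(s, RSTART + 2, RLENGTH - 3)
            s = substr(s, 1, RSTART - 1) vars[name] substr(s, RSTART + RLENGTH)
        }
        return s
    }
    # Variable definition line: name=value
    /^[A-Za-z_][A-Za-z0-9_.]*=/ {
        i = index($0, "=")
        vars[substr($0, 1, i - 1)] = expand(substr($0, i + 1))
        next
    }
    # Keyword field line: Name: value
    /^[A-Za-z][A-Za-z0-9_.]*:/ {
        i = index($0, ":")
        if (substr($0, 1, i - 1) == want) {
            v = expand(substr($0, i + 1))
            sub(/^[ \t]+/, "", v)
            print v
        }
    }' "$1"
}

# pc_defines FILE: the preprocessor defines from Cflags, one per line, sorted.
pc_defines() {
    pc_field "$1" Cflags | tr -s ' \t' '\n\n' | sed -n 's/^-D//p' | sort
}

# Constructed sample file (not a real Snort build; macro names are illustrative).
sample=$(mktemp)
cat > "$sample" <<'EOF'
prefix=/usr/local
includedir=${prefix}/include
Name: Snort
Description: constructed sample for this example
Version: 0.0.0
Cflags: -I${includedir}/snort -DPERF_PROFILING -DTARGET_BASED -DGRE
EOF
pc_defines "$sample"
rm -f "$sample"
```

On a real system, point `pc_defines` at the installed snort.pc and compare the output against the options expected for that build.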




