[Snort-users] Question About Variables

Nicholas Horton fivetenets at ...14399...
Fri Aug 10 17:07:10 EDT 2012


> Would this work to create a variable up top and I want to use the bind_to for several IPs but just want to append the last octet?  Then everything not specically identified to just assume its Windows.
> 
> I know in Windows you might use a "&" to combine a variable with text but wasn't sure how this was preferred in the Snort.conf.
> 
> ipvar MPE_NET 10.10.10.
> 
> preprocessor frag3_engine: policy BSD bind_to $HOME_NET.11
> preprocessor frag3_engine: policy Linux bind_to $HOME_NET.12
> #on and on for maybe a few more.  
> #then I want to assume everything else is Windows.
> preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180
> 
> Thanks again,
> Nick




More information about the Snort-users mailing list