[Snort-users] Question About Variables
fivetenets at ...14399...
Fri Aug 10 17:07:10 EDT 2012
> Would this work to create a variable up top and I want to use the bind_to for several IPs but just want to append the last octet? Then everything not specically identified to just assume its Windows.
> I know in Windows you might use a "&" to combine a variable with text but wasn't sure how this was preferred in the Snort.conf.
> ipvar MPE_NET 10.10.10.
> preprocessor frag3_engine: policy BSD bind_to $HOME_NET.11
> preprocessor frag3_engine: policy Linux bind_to $HOME_NET.12
> #on and on for maybe a few more.
> #then I want to assume everything else is Windows.
> preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180
> Thanks again,
More information about the Snort-users