[Snort-users] Snort.conf 2.9.4
jesler at ...1935...
Wed Dec 5 09:02:35 EST 2012
On Dec 4, 2012, at 8:58 PM, Amm Snort <ammdispose-snort at ...131...> wrote:
> From: Michael Steele <michaels at ...9077...>
> To: snort-users at lists.sourceforge.net
> Sent: Wednesday, 5 December 2012 4:06 AM
> Subject: Re: [Snort-users] Snort.conf 2.9.4
> Also, matching the snort.conf from the 2.9.4 tarball and the snort.conf from the above 2.9.4 link, shows a multitude of differences.
> Is Sourcefire actually distributing the source and executables with updated configuration files, makes me wonder…
> I also have similar question.
> Is the snort.conf in the above link VRT specific snort.conf or those using ET can use it too.
People using other rulesets can use our snort.conf, but yes, it is specifically tailored to the VRT ruleset. It has our recommended settings and configuration that is tested across many platforms.
> Mostly differences are addition of new ports in directives.
Yes, but that's not all there will be.
> Also why is version mentioned as 18.104.22.168 in snort.conf?
> but snort download page and tarball it is versioned as 2.9.4?
> I think it should be in fixed format of 4 decimal places.
That's a good point. I'll see what I can do.
Senior Research Engineer, VRT
OpenSource Community Manager
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users