[Snort-users] running snort

Joel Esler jesler at ...1935...
Tue Apr 30 17:50:41 EDT 2013


On Apr 30, 2013, at 3:43 PM, Balla István <balla.bmf at ...11827...> wrote:

> please point to the appropriate chapter in snort manual (long one) where Decoding Ethernet is explained (and how to modify)

"Decoding Ethernet" means "Snort is running now!".  I suggest you add "-D" to your Snort command line to make Snort run as a daemon and then deal with the logs it produces.

> **one more thing: is "-h anyiphere" necessary in the line command once I set ipvar HOME_NET variable in snort.conf?

-h is for the command line.  If you are setting HOME_NET in your snort.conf, then no, you don't need it in your command line.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130430/c51bfbee/attachment.html>


More information about the Snort-users mailing list