[Snort-users] Manifest file without shared memory in reputation preprocessor

Hui Cao (huica) huica at ...589...
Mon May 12 12:37:14 EDT 2014


Currently, manifest is tied to shared memory.
You can let each snort instance load from different folder and load as blacklist.  For the blacklist alert, replace drop with alert action.

Best,
Hui.

From: Eugenio Pérez <eupm90 at ...11827...<mailto:eupm90 at ...11827...>>
Date: Monday, May 12, 2014 at 12:23 PM
To: "snort-users at lists.sourceforge.net<mailto:snort-users at ...5870....net>" <snort-users at lists.sourceforge.net<mailto:snort-users at ...2987...rge.net>>
Subject: [Snort-users] Manifest file without shared memory in reputation preprocessor

Hi all. Is there any way to use the manifest file without using shared memory?

The problem is I have various snort instances in the same machine, and they could have different reputation rules each one. Also, I want to use the 'monitor' type, that I only can use in manifest file.

Any idea? Thanks and regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140512/e6ac4e94/attachment.html>


More information about the Snort-users mailing list