[Snort-users] Manifest file without shared memory in reputation preprocessor

Eugenio Pérez eupm90 at ...11827...
Mon May 12 12:54:18 EDT 2014


Hi Hui, thanks for your fast response.

And what if I want to block, alert and bypass, three different actions on
various different ip?


2014-05-12 18:37 GMT+02:00 Hui Cao (huica) <huica at ...589...>:

>  Currently, manifest is tied to shared memory.
> You can let each snort instance load from different folder and load as
> blacklist.  For the blacklist alert, replace drop with alert action.
>
>  Best,
> Hui.
>
>   From: Eugenio Pérez <eupm90 at ...11827...>
> Date: Monday, May 12, 2014 at 12:23 PM
> To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net
> >
> Subject: [Snort-users] Manifest file without shared memory in reputation
> preprocessor
>
>   Hi all. Is there any way to use the manifest file without using shared
> memory?
>
> The problem is I have various snort instances in the same machine, and
> they could have different reputation rules each one. Also, I want to use
> the 'monitor' type, that I only can use in manifest file.
>
>  Any idea? Thanks and regards.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140512/c707a682/attachment.html>


More information about the Snort-users mailing list