[Snort-users] Manifest file without shared memory in reputation preprocessor
eupm90 at ...11827...
Mon May 12 12:54:18 EDT 2014
Hi Hui, thanks for your fast response.
And what if I want to block, alert and bypass, three different actions on
various different ip?
2014-05-12 18:37 GMT+02:00 Hui Cao (huica) <huica at ...589...>:
> Currently, manifest is tied to shared memory.
> You can let each snort instance load from different folder and load as
> blacklist. For the blacklist alert, replace drop with alert action.
> From: Eugenio Pérez <eupm90 at ...11827...>
> Date: Monday, May 12, 2014 at 12:23 PM
> To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net
> Subject: [Snort-users] Manifest file without shared memory in reputation
> Hi all. Is there any way to use the manifest file without using shared
> The problem is I have various snort instances in the same machine, and
> they could have different reputation rules each one. Also, I want to use
> the 'monitor' type, that I only can use in manifest file.
> Any idea? Thanks and regards.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users