[Snort-users] Semantics of ipvar HOME_NET
research at ...17107...
Mon Mar 2 16:11:02 EST 2015
ANSWERED - Turns out I didn’t read the comment *DIRECTLY* above that line and the word “home” was confusing me.
The comment is:
# Setup the network addresses you are protecting
ipvar HOME_NET 18.104.22.168
…means provide snort analysis on web server at 22.214.171.124.
On Mar 2, 2015, at 3:15 PM, Research <research at ...17107...> wrote:
> I am currently using snort as an IDS on a web server.
> In /etc/snort/snort.conf when I have the variable “HOME_NET”, I understand that in an inline context, that would be my network block for my internal network (i.e.: 192.168.1.0/24). In my context, though, is it correct to set HOME_NET to the IP address of my web server as the IP address is the one I am trying to monitor ?
More information about the Snort-users