[Snort-users] Semantics of ipvar HOME_NET

Research research at ...17107...
Mon Mar 2 16:11:02 EST 2015


ANSWERED - Turns out I didn’t read the comment *DIRECTLY* above that line and the word “home” was confusing me.

The comment is:

	# Setup the network addresses you are protecting

So…

	ipvar HOME_NET 1.2.3.4

…means provide snort analysis on web server at 1.2.3.4.


On Mar 2, 2015, at 3:15 PM, Research <research at ...17107...> wrote:

> Hello,
> 
> I am currently using snort as an IDS on a web server.
> 
> In /etc/snort/snort.conf when I have the variable “HOME_NET”, I understand that in an inline context, that would be my network block for my internal network (i.e.: 192.168.1.0/24).   In my context, though, is it correct to set HOME_NET to the IP address of my web server as the IP address is the one I am trying to monitor ?
> 
> Thanks




More information about the Snort-users mailing list