[Snort-users] snort.conf differences in Snort 2.9.8.2

Y M snort at ...15979...
Fri Apr 8 03:30:20 EDT 2016


Hello all,


snort.conf in the Snort 2.9.8.2 tarball is not in sync with the snort.conf at https://www.snort.org/documents/snort-2982-conf. Of importance, the differences involve ports definitions, rules inclusion, and preprocessor configurations. The major differences are posted below. Which conf file to go by?


1. snort.conf in snort-2.9.8.2.tar.gz contains the legacy dynamic libraries only. It does not include the new ones as defined in this blog post: http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html.<http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html>

2. HTTP_PORTS

3. normalize_tcp options

4. stream5_tcp options and ports

5. http_inspect_server ports

6. ssl preprocessor ports

7. rules files inclusion.


YM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/e5322c07/attachment.html>


More information about the Snort-users mailing list