[Snort-users] snort.conf differences in Snort 2.9.8.2

Joel Esler (jesler) jesler at ...589...
Fri Apr 8 14:55:15 EDT 2016


The one on the webpage is generally more up to date than the one in the tarball, and that’s the one we recommend.

--
Joel Esler
Manager, Talos Group




On Apr 8, 2016, at 3:30 AM, Y M <snort at ...15979...<mailto:snort at ...15979...>> wrote:

Hello all,

snort.conf in the Snort 2.9.8.2 tarball is not in sync with the snort.conf at https://www.snort.org/documents/snort-2982-conf. Of importance, the differences involve ports definitions, rules inclusion, and preprocessor configurations. The major differences are posted below. Which conf file to go by?

1. snort.conf in snort-2.9.8.2.tar.gz contains the legacy dynamic libraries only. It does not include the new ones as defined in this blog post: http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html.<http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html>
2. HTTP_PORTS
3. normalize_tcp options
4. stream5_tcp options and ports
5. http_inspect_server ports
6. ssl preprocessor ports
7. rules files inclusion.

YM
------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/31a0ecbe/attachment.html>


More information about the Snort-users mailing list