[Snort-users] snort.conf differences in Snort

Joel Esler (jesler) jesler at ...589...
Fri Apr 8 14:55:15 EDT 2016

The one on the webpage is generally more up to date than the one in the tarball, and that’s the one we recommend.

Joel Esler
Manager, Talos Group

On Apr 8, 2016, at 3:30 AM, Y M <snort at ...15979...<mailto:snort at ...15979...>> wrote:

Hello all,

snort.conf in the Snort tarball is not in sync with the snort.conf at https://www.snort.org/documents/snort-2982-conf. Of importance, the differences involve ports definitions, rules inclusion, and preprocessor configurations. The major differences are posted below. Which conf file to go by?

1. snort.conf in snort- contains the legacy dynamic libraries only. It does not include the new ones as defined in this blog post: http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html.<http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html>
3. normalize_tcp options
4. stream5_tcp options and ports
5. http_inspect_server ports
6. ssl preprocessor ports
7. rules files inclusion.

Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160408/31a0ecbe/attachment.html>

More information about the Snort-users mailing list