[Snort-users] Is my "snort.conf" OK?

Jason Long hack3rcon at ...131...
Mon Feb 22 10:40:11 EST 2016


Thank you. Thus, for each IP, brackets are needed. For example, "ipvar HOME_NET [ip]" is correct but "ipvar HOME_NET ip" is incorrect.

    On Monday, February 22, 2016 7:05 PM, Joel Esler (jesler) <jesler at ...5925...9...> wrote:
 

 You need brackets on each end, but yes, a comma between fields is enough.
Also, I’d rely on the Snort Manual at manual.snort.org, which is kept up to date.  Books aren’t.

--
Joel Esler
Manager, Talos Group




On Feb 22, 2016, at 10:33 AM, Jason Long <hack3rcon at ...131...> wrote:
According to the link below, is a "," enough?
http://books.gigatux.nl/mirror/snortids/0596006616/snortids-CHP-5-SECT-1.html


On Monday, February 22, 2016 6:59 PM, Jason Long <hack3rcon at ...131...> wrote:


Thank you. For two specific DNS addresses, is my syntax correct:

# List of DNS servers on your network
ipvar DNS_SERVERS [XXX.XXX.XXX.XXX,!XXX.XXX.XXX.XXX]

On Monday, February 22, 2016 6:22 PM, Joel Esler (jesler) <jesler at ...589...> wrote:


I believe what you are looking for can be found here:
http://manual.snort.org/node16.html#SECTION00312000000000000000
--
Joel Esler
Manager, Talos Group




On Feb 22, 2016, at 4:31 AM, Jason Long <hack3rcon at ...131...> wrote:
Hello.
I uploaded my config file here and I'd be thankful if you would look at it:

http://pastebin.ubuntu.com/15169338/


How about the parts below? If I want to define two IP addresses and DNS, then must I use "," to separate them?

# Setup the network addresses you are protecting
ipvar HOME_NET XXX.XXX.XXX.XXX

# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET XXX.XXX.XXX.XXX

# List of DNS servers on your network 
ipvar DNS_SERVERS XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX

# List of SMTP servers on your network
ipvar SMTP_SERVERS $HOME_NET

# List of web servers on your network
ipvar HTTP_SERVERS XXX.XXX.XXX.XXX


Thank you.
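
The bracket-and-comma rule from Joel's reply can be checked mechanically before loading a config. The script below is an added example, not part of the original thread or of Snort itself; the names check_ipvar and lint are hypothetical, and the sample config is constructed with RFC 5737 documentation addresses.

```python
import ipaddress
import re

IPVAR_RE = re.compile(r"^\s*ipvar\s+(\S+)\s+(.+?)\s*$")

def check_ipvar(line):
    """Return the problems found in one snort.conf line ([] if none or not an ipvar)."""
    m = IPVAR_RE.match(line)
    if not m:
        return []  # comments and other directives are ignored
    name, value = m.groups()
    problems = []
    if value.count("[") != value.count("]"):
        problems.append(f"{name}: unbalanced brackets")
    # A comma means a list, and a list needs a bracket on each end.
    bracketed = value.lstrip("!").startswith("[") and value.endswith("]")
    if "," in value and not bracketed:
        problems.append(f"{name}: comma-separated list needs [ ] on each end")
    # Each element: optional "!" negation, then "any", a $VAR, or an IP/CIDR.
    for elem in re.sub(r"[\[\]]", "", value).split(","):
        elem = elem.strip().lstrip("!")
        if elem == "any" or re.fullmatch(r"\$\w+", elem):
            continue
        try:
            ipaddress.ip_network(elem, strict=False)
        except ValueError:
            problems.append(f"{name}: bad element {elem!r}")
    return problems

def lint(conf_text):
    """Return (line_number, problem) pairs for every ipvar line in conf_text."""
    return [(n, p) for n, line in enumerate(conf_text.splitlines(), 1)
            for p in check_ipvar(line)]

# Constructed sample config (not the poster's file).
SAMPLE = """\
# constructed sample, RFC 5737 documentation addresses
ipvar HOME_NET 192.0.2.0/24
ipvar DNS_SERVERS 192.0.2.53,192.0.2.54
ipvar DNS_FIXED [192.0.2.53,192.0.2.54]
ipvar SMTP_SERVERS $HOME_NET
ipvar HTTP_SERVERS [192.0.2.80,192.0.2.81
"""

if __name__ == "__main__":
    for lineno, problem in lint(SAMPLE):
        print(f"line {lineno}: {problem}")
```

It only covers the list syntax discussed in this thread plus basic element validity; running Snort in test mode against the real file remains the authoritative check.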
