[Snort-users] inconsistency docu vs. snort.conf

Marcin Dulak marcin.dulak at ...11827...
Wed Jan 25 08:30:51 EST 2017


Maybe instead the docs could say: "please consult your snort.conf as the
authority about the specific values of the parameters" or something alike.

Marcin

On Wed, Jan 25, 2017 at 2:16 PM, Joel Esler (jesler) <jesler at ...589...>
wrote:

> We can adjust the documentation, but the Snort.conf is updated to stay
> current with threats and counter measures.  The docs sometimes don't keep
> up.
>
> --
> Sent from my iPhone
>
> > On Jan 25, 2017, at 6:38 AM, Felix Erlacher <felix.erlacher at ...17726...>
> wrote:
> >
> > Hi all,
> >
> > I think I just found an inconsistency between the official documentation
> > and the example snort.conf file.
> > In the current documentation for Snort 2.9.9 (dated November 14)
> > available on the snort.org webpage it says on page 46 for the
> > preprocessor stream5_tcp option "require_3whs" --> "the default is set
> > to off" and for the session grace period of that option "The default is
> > ”0”".
> > But in the sample snort.conf file in the snort 2.9.9.0 tarball as well
> > as the one on the webpage (https://www.snort.org/configurations) the
> > require_3whs option is enabled and the grace period set to 180 seconds.
> >
> > The same holds for the "detect_anomalies" option, docu says default is
> > off, in example snort.conf it is turned on.
> >
> > greetings
> >
> > --
> > Felix Erlacher
> >
> >
> >
> > ------------------------------------------------------------
> ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170125/369fb5eb/attachment.html>


More information about the Snort-users mailing list