[Snort-users] snort.conf missing

Joel Esler (jesler) jesler at cisco.com
Tue Jan 22 13:38:55 EST 2019


Snort 3 snort.conf files are not compatible with Snort 2 and vice versa.

Snort 2 snort.conf files are on the documentation page.  Under "CONFS"



> On Jan 22, 2019, at 1:18 PM, Dorian ROSSE <dorianbrice at hotmail.fr> wrote:
> 
> Where can I find the snort.conf? 
> 
> I think I should copy paste the snort.conf in my snort3 for the 29120? 
> 
> Thank you in advance to answer if you are agree, 
> 
> Regards. 
> 
> 
> Dorian Rosse.
> 
> From: Joel Esler (jesler) <jesler at cisco.com>
> Sent: Tuesday, January 22, 2019 7:14:53 PM
> To: Dorian ROSSE
> Cc: Lucas Smith; snort-users at lists.snort.org
> Subject: Re: [Snort-users] snort.conf missing
>  
> That's not the snort.conf, that's the reference.config file.
> 
>> On Jan 22, 2019, at 12:38 PM, Dorian ROSSE <dorianbrice at hotmail.fr <mailto:dorianbrice at hotmail.fr>> wrote:
>> 
>> The content of the snort.conf :
>> 
>> 
>> # $Id$
>> # The following defines URLs for the references found in the rules
>> #
>> # config reference: system URL
>>  
>> config reference: bugtraq   http://www.securityfocus.com/bid/ <http://www.securityfocus.com/bid/>
>> config reference: cve       http://cve.mitre.org/cgi-bin/cvename.cgi?name= <http://cve.mitre.org/cgi-bin/cvename.cgi?name=>
>> config reference: arachNIDS http://www.whitehats.com/info/IDS <http://www.whitehats.com/info/IDS>
>> config reference: osvdb     http://osvdb.org/show/osvdb/ <http://osvdb.org/show/osvdb/>
>>  
>> # Note, this one needs a suffix as well.... lets add that in a bit.
>> config reference: McAfee    http://vil.nai.com/vil/content/v_ <http://vil.nai.com/vil/content/v_>
>> config reference: nessus    http://cgi.nessus.org/plugins/dump.php3?id= <http://cgi.nessus.org/plugins/dump.php3?id=>
>> config reference: url       http://
>> config reference: msb       http://technet.microsoft.com/en-us/security/bulletin/ <http://technet.microsoft.com/en-us/security/bulletin/>
>> 
>> 
>> there are some days when I go to the link I fall on the same html page !
>> 
>> Thank you in advance to help me,
>> 
>> Regards.
>> 
>> 
>> Dorian ROSSE.
>>  
>> De : Joel Esler (jesler) <jesler at cisco.com <mailto:jesler at cisco.com>>
>> Envoyé : Tuesday, January 22, 2019 6:16:13 PM
>> À : Dorian ROSSE
>> Cc : Lucas Smith; snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>
>> Objet : Re: [Snort-users] snort.conf missing
>>  
>> Please attach, or copy and paste the contents of the email file that you are downloading to this email.
>> 
>> Sent from my  iPhone
>> 
>> On Jan 22, 2019, at 12:01, Dorian ROSSE via Snort-users <snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>> wrote:
>> 
>>> There is nothing in the downloaded files :(
>>> 
>>> Dorian Rosse. 
>>> 
>>> From: Dorian ROSSE <dorianbrice at hotmail.fr <mailto:dorianbrice at hotmail.fr>>
>>> Sent: Tuesday, January 22, 2019 1:11:55 PM
>>> To: Lucas Smith
>>> Cc: snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>
>>> Subject: Re: [Snort-users] snort.conf missing
>>>  
>>> I tried this morning then successfully downloaded, 
>>> 
>>> Regards. 
>>> 
>>> 
>>> Dorian Rosse. 
>>> 
>>> From: Dorian ROSSE <dorianbrice at hotmail.fr <mailto:dorianbrice at hotmail.fr>>
>>> Sent: Tuesday, January 22, 2019 8:24:19 AM
>>> To: Lucas Smith
>>> Cc: snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>
>>> Subject: Re: [Snort-users] snort.conf missing
>>>  
>>> Ok I will try again, 
>>> 
>>> Thank you, 
>>> 
>>> Regards. 
>>> 
>>> 
>>> Dorian Rosse. 
>>> 
>>> From: Lucas Smith <vedalken at veddysec.net <mailto:vedalken at veddysec.net>>
>>> Sent: Tuesday, January 22, 2019 3:13:05 AM
>>> To: Dorian ROSSE
>>> Cc: snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>
>>> Subject: Re: [Snort-users] snort.conf missing
>>>  
>>> That link you posted is not even a snort.conf file but is a URL reference file. That being said, running the same command as you I downloaded fine and it is not an index.html file.
>>> 
>>> $ wget https://www.snort.org/documents/reference-config <https://www.snort.org/documents/reference-config>
>>> --2019-01-22 02:08:16--  https://www.snort.org/documents/reference-config <https://www.snort.org/documents/reference-config>
>>> Resolving www.snort.org <http://www.snort.org/> (www.snort.org <http://www.snort.org/>)... 2606:4700::6810:3e4b, 2606:4700::6810:424b, 2606:4700::6810:404b, ...
>>> Connecting to www.snort.org <http://www.snort.org/> (www.snort.org <http://www.snort.org/>)|2606:4700::6810:3e4b|:443... connected.
>>> HTTP request sent, awaiting response... 302 Found
>>> Location: https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/120/original/reference.config?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190122%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190122T020816Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=00f477222b99016a1bff1ae4b114a633298dc9fa55178b3ea2e05e5dadd0cb6b <https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/120/original/reference.config?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190122%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190122T020816Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=00f477222b99016a1bff1ae4b114a633298dc9fa55178b3ea2e05e5dadd0cb6b> [following]
>>> --2019-01-22 02:08:16--  https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/120/original/reference.config?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190122%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190122T020816Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=00f477222b99016a1bff1ae4b114a633298dc9fa55178b3ea2e05e5dadd0cb6b <https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/120/original/reference.config?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190122%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190122T020816Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=00f477222b99016a1bff1ae4b114a633298dc9fa55178b3ea2e05e5dadd0cb6b>
>>> Resolving snort-org-site.s3.amazonaws.com <http://snort-org-site.s3.amazonaws.com/> (snort-org-site.s3.amazonaws.com <http://snort-org-site.s3.amazonaws.com/>)... 52.216.227.8
>>> Connecting to snort-org-site.s3.amazonaws.com <http://snort-org-site.s3.amazonaws.com/> (snort-org-site.s3.amazonaws.com <http://snort-org-site.s3.amazonaws.com/>)|52.216.227.8|:443... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 687 [application/octet-stream]
>>> Saving to: ‘reference-config’
>>> 
>>> reference-config                        100%[==============================================================================>]     687  --.-KB/s    in 0.002s
>>> 
>>> 2019-01-22 02:08:17 (292 KB/s) - ‘reference-config’ saved [687/687]
>>> 
>>> 
>>> On the Documents site, you will have to find one compatible with your version of snort and the ones you'd need to look at go snort.x.conf where x is a set of numbers either 4 or 7 digits long.
>>> 
>>> Lucas
>>> 
>>> On Sat, Jan 19, 2019 at 2:15 AM Dorian ROSSE via Snort-users <snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>> wrote:
>>> I have a problem, 
>>> 
>>> I do this :
>>> 
>>> #wget https://www.snort.org/documents/reference-config <https://www.snort.org/documents/reference-config>
>>> 
>>> And finaly It download index.html instead à snort.conf file,
>>> 
>>> Anybody can help me? 
>>> 
>>> Thank you in advance, 
>>> 
>>> Regards. 
>>> 
>>> 
>>> Dorian Rosse. 
>>> 
>>> From: Dorian ROSSE
>>> Sent: Friday, January 18, 2019 3:20:29 PM
>>> To: snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>
>>> Subject: snort.conf missing
>>>  
>>> Hello,
>>> 
>>> 
>>> I checked on my two Ubuntu servers in snortVERSION folder and It miss at each servers the snort.conf file !
>>> 
>>> Thank you in advance to fix the problem,
>>> 
>>> Regards.
>>> 
>>> 
>>> Dorian ROSSE.
>>>  
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.snort.org <mailto:Snort-users at lists.snort.org>
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>
>>> 
>>>         To unsubscribe, send an email to:
>>>         snort-users-leave at lists.snort.org <mailto:snort-users-leave at lists.snort.org>
>>> 
>>> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!
>>> 
>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette <https://snort.org/faq/what-is-the-mailing-list-etiquette>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.snort.org <mailto:Snort-users at lists.snort.org>
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>
>>> 
>>>    To unsubscribe, send an email to:
>>>    snort-users-leave at lists.snort.org <mailto:snort-users-leave at lists.snort.org>
>>> 
>>> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!
>>> 
>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette <https://snort.org/faq/what-is-the-mailing-list-etiquette>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20190122/644b598b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3010 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20190122/644b598b/attachment.bin>


More information about the Snort-users mailing list