Snort mailing list archives
Limit on variable length?
From: Nare Do Well <naredowell () yahoo com>
Date: Wed, 15 Aug 2001 22:15:48 -0700 (PDT)
Is there a max length for variables declared in snort.conf ? (ie var INTERNAL xxx.xxx.xxx.xxx./xx and so on) I'm implimenting snort on a WAN with 25 seperate sub-net, with redundant gateways - trying to walk before running. Currently using snort 1.7 on RedHat 7.1 (waiting to see if 1.8.1 will settle down), and it just purrs along with a slightly modified standard rules tar ball, and Vision's rules. (Initially, snort is behind a backbone router/s, so it can't see all 25 sub-nets.) When I tested all 25 sub-nets in "var INTERNAL ......", snort died on start-up. I then tried adding the CIDR addresses in, 5 at a time. It worked fine until, the last group broke it. I then supstituteed various CIDR IPs in and out, and concluded that 24 was OK, 25 was not. Word count - "wc -L /etc/snort/snort.conf" said - 412 for the line length with 25 CIDR IP addresses 395 for the line length with 24 CIDR IP addresses It runs fine with the line length of 395. So I deleted one sub-net from the variable, leaving it at 24. Is there a size limit on variables? Or a 400 character limit on line length? Or a the limit on the number of CIDR IP addresses? __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Limit on variable length? Nare Do Well (Aug 15)