Snort mailing list archives
Documentation!!
From: SN ORT <snort_on_acid () yahoo com>
Date: Wed, 11 Feb 2004 09:21:59 -0800 (PST)
Would it be possible to make the documents with more complete examples. For instance while (attempting) tuning the HTTP_INSPECT using the configs in the README.http_inspect file (being a good Snort-citizen, I read the document): I used the config options, trying to figure out if these all go on the same line or different, trying to figure out by trial and error if I can use a variable for the "servers" IP address, such as $HTTP_SERVERS!! (so now how do I specify more than one?), found out for myself I have to use the "\" to specify more options, and then find out there has to be a space between the last character and the "\", and then finally find out that I can't even use all of the options per the error below. "Invalid token while configuring the profile token. The only allowed tokens when configuring profiles are: 'ports', 'iis_unicode_map', 'allow_proxy_use', 'flow_depth', 'no_alerts', 'oversize_dir_length', and 'inspect_uri_only'." So now I can't use the "bare_byte or non_rfc_Char options along with the rest? What a PAIN! SO forget about using http_inspect and forget about ANY decoder, turn all of them off. Now I'm just trying to find out which command shuts off which decoder, I thought I shut off every possibility after readin gthe doc, but, I still get alerts! Grrr. __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Documentation!! SN ORT (Feb 11)
- Re: Documentation!! Matt Kettler (Feb 11)
- Re: Documentation!! SN ORT (Feb 11)
- Re: Documentation!! Matt Kettler (Feb 11)
- Re: Documentation!! SN ORT (Feb 11)
- <Possible follow-ups>
- RE: Documentation!! Mike Koponick (Feb 12)
- RE: Documentation!! SN ORT (Feb 12)
- RE: Documentation!! Michael Steele (Feb 12)
- Re: Documentation!! Matt Kettler (Feb 11)