Snort mailing list archives
Re: Question regarding config binding configuration option.
From: Steven Sturges <steve.sturges () sourcefire com>
Date: Wed, 07 Jul 2010 17:07:50 -0400
The main config is the "default", ie, used if packet doesn't match any of the bound configs. Think of each config_vlan_x.conf as its own snort.conf with respect to variables, rules that are enabled, etc. So, within each of those, you'd have the necessary preprocessor configurations and rules for that vlan. For preprocessors that have memory specific configurations (stream5, frag3), you specify the memory settings in the base snort.conf, and then the specific policy targets and "detection" type configurations for those preprocessors in each of the config_vlan_x.conf files. Refer to section 2.10 of the Snort manual... Cheers. -steve On 7/7/2010 4:33 PM, beenph wrote:
Hello all, i must admit i didin't look at the implementation before asking what i am about to ask but i am sure someone near the source of the flames will know the anwser. Let say i have a main config like this: <STUFF I WANT FOR BOTH CONFIG> #some static preprocessor config without dependance to $HOME_NET or other variables #and other generalities like basic path and stuff </STUFF I WANT FOR BOTH CONFIG> config binding: config_vlan1.conf vlan 1 config binding: config_vlan2.conf vlan 2 <STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION> #Specific preprocessor configuration with dependance to $HOME_NET or other variables #Specific rule files </STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION> Does the declaration of variables in the general configuration need to be duplicated (example HOME_NET), or would delaration of (HOME_NET) that would be done in each config would propagate to <STUFF I WANT TO HAVE CONFIG SPECIFIC DECLARATION> aka rules. I hope i am clear, if not i will try to give a more clear fictious example. -elz ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- Question regarding config binding configuration option. beenph (Jul 07)
- Re: Question regarding config binding configuration option. Steven Sturges (Jul 07)
- Re: Question regarding config binding configuration option. beenph (Jul 07)
- Re: Question regarding config binding configuration option. Steven Sturges (Jul 07)