Snort mailing list archives
Using a var in the conf and local rules
From: honeybadger () q com
Date: Mon, 25 Feb 2013 10:51:24 -0700
Hey all,

I am adding scanners for 600+ suspect IPs in a text file. OK, adding in include snort.var. Adding var IP_RULES. Then:

alert tcp any any -> $IP_RULES any (msg:"suspect IP detected"; sid:4525;)

I would like it if the alert would tell me which IP it found. Usually I would use a content, but this is different. Anyone know how to set this up?

Thanks,
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
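An added example, not part of the original post or of Snort itself: one way to turn a text file of suspect IPs into the IP_RULES variable and the rule the post describes, rejecting malformed entries and duplicates before Snort ever loads them. It assumes a Snort 2.9-style `ipvar` list; the sample addresses, function names and `rev` value are constructed for illustration.

```python
import ipaddress

# Constructed sample standing in for the text file of suspect IPs
# (documentation address ranges, not real indicators).
SAMPLE_LIST = """\
# suspect scanners
192.0.2.10
198.51.100.0/24
192.0.2.10
not-an-ip
203.0.113.7   # trailing comment
"""

def parse_ip_list(text):
    """Return (valid, rejected): unique networks in file order, and bad lines."""
    valid, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry))   # report instead of emitting it
            continue
        if net not in seen:                    # duplicates only bloat the list
            seen.add(net)
            valid.append(net)
    return valid, rejected

def fmt(net):
    """Single hosts as a bare address, larger networks in CIDR form."""
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def build_snort_var(nets, name="IP_RULES"):
    """One ipvar line for the included variables file (assumed ipvar syntax)."""
    return "ipvar {} [{}]".format(name, ",".join(fmt(n) for n in nets))

def build_rule(name="IP_RULES", sid=4525):
    """Rule from the post; sid kept as posted (local rules normally use >= 1000000)."""
    return ('alert tcp any any -> ${} any '
            '(msg:"suspect IP detected"; sid:{}; rev:1;)').format(name, sid)

if __name__ == "__main__":
    nets, bad = parse_ip_list(SAMPLE_LIST)
    print(build_snort_var(nets))
    print(build_rule())
    for lineno, entry in bad:
        print("rejected line {}: {!r}".format(lineno, entry))
```

Snort's alert output records the packet's source and destination addresses, so with a `-> $IP_RULES` rule the destination field of each alert is the list entry that matched.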