Re: Manifest file without shared memory in reputation preprocessor

[Eugenio Pérez <eupm90 () gmail com>]

Hi Hui, thanks for your fast response.

And what if I want to block, alert and bypass, three different actions on
various different ip?


2014-05-12 18:37 GMT+02:00 Hui Cao (huica) <huica () cisco com>:

>  Currently, manifest is tied to shared memory.
> You can let each snort instance load from different folder and load as
> blacklist.  For the blacklist alert, replace drop with alert action.
>
>  Best,
> Hui.
>
>   From: Eugenio Pérez <eupm90 () gmail com>
> Date: Monday, May 12, 2014 at 12:23 PM
> To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net
> >
> Subject: [Snort-users] Manifest file without shared memory in reputation
> preprocessor
>
>   Hi all. Is there any way to use the manifest file without using shared
> memory?
>
> The problem is I have various snort instances in the same machine, and
> they could have different reputation rules each one. Also, I want to use
> the 'monitor' type, that I only can use in manifest file.
>
>  Any idea? Thanks and regards.
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!