Snort mailing list archives
Re: snort.conf differences in Snort 2.9.8.2
From: Y M <snort () outlook com>
Date: Fri, 8 Apr 2016 19:00:19 +0000
Got it. Now to upgrading. Thanks Joel. YM Sent from Mobile On Fri, Apr 8, 2016 at 11:55 AM -0700, "Joel Esler (jesler)" <jesler () cisco com<mailto:jesler () cisco com>> wrote: The one on the webpage is generally more up to date than the one in the tarball, and that's the one we recommend. -- Joel Esler Manager, Talos Group On Apr 8, 2016, at 3:30 AM, Y M <snort () outlook com<mailto:snort () outlook com>> wrote: Hello all, snort.conf in the Snort 2.9.8.2 tarball is not in sync with the snort.conf at https://www.snort.org/documents/snort-2982-conf. Of importance, the differences involve ports definitions, rules inclusion, and preprocessor configurations. The major differences are posted below. Which conf file to go by? 1. snort.conf in snort-2.9.8.2.tar.gz contains the legacy dynamic libraries only. It does not include the new ones as defined in this blog post: http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html.<http://blog.snort.org/2014/08/snort-subscriber-ruleset-re.html> 2. HTTP_PORTS 3. normalize_tcp options 4. stream5_tcp options and ports 5. http_inspect_server ports 6. ssl preprocessor ports 7. rules files inclusion. YM ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/ gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort.conf differences in Snort 2.9.8.2 Y M (Apr 08)
- Re: snort.conf differences in Snort 2.9.8.2 Joel Esler (jesler) (Apr 08)
- Re: snort.conf differences in Snort 2.9.8.2 Y M (Apr 08)
- Re: snort.conf differences in Snort 2.9.8.2 Joel Esler (jesler) (Apr 08)