[Snort-users] Putting -o in config file?
Hari Sekhon
rules in local.rules using pass statements. This works if snort is
started with the -o switch.
The thing is, I'm keeping a central configuration and I can't easily go
round to all the machines and guarantee that snort will be run with the
-o flag. Really I need to be able to do this inside the config which I
deploy.
Is it possible to get the same effect inside the configs without doing
some sledgehammer thing like disabling those checks? Basically can I put
-o inside the snort.conf or something?
-h
--
Hari Sekhon
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Matthew Watchinski
Hari Sekhon wrote:
> I wanted to exclude a couple of machine from alerts so I created the
> rules in local.rules using pass statements. This works if snort is
> started with the -o switch.
>
> The thing is, I'm keeping a central configuration and I can't easily go
> round to all the machines and guarantee that snort will be run with the
> -o flag. Really I need to be able to do this inside the config which I
> deploy.
>
> Is it possible to get the same effect inside the configs without doing
> some sledgehammer thing like disabling those checks? Basically can I put
> -o inside the snort.conf or something?
>
> -h
>
Hari Sekhon
didn't see it, but it's at the top of the Config table 2.1. It wasn't
commented in my default snort.conf and there isn't a man for it on my
system it seems...
-h
Hari Sekhon