RE: [Snort-users] Need a help

This is a multi-part message in MIME format.

------_=_NextPart_001_01C582FF.CA226410
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,
Is this file in snort .conf to mention the snort is configured in =
detection mode.
=20
# Command Line Options
## --------------------
#
config disable_decode_alerts
config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config detection: search-method lowmem
#
=20
Regards...
Mithun.k.s



-----Original Message-----
From: Salil D. [mailto:salildumbre@rediffmail.com]
Sent: Thursday, July 07, 2005 5:15 PM
To: Ks, Mithun (GE Commercial Finance, non-GE)
Subject: Re: [Snort-users] Need a help




I had installed snort long time back
you need to check the snort.conf file for configuration details


On Thu, 07 Jul 2005 Ks,Mithun(GE Commercial Finance,non-GE) wrote :
>Hello,
>
>I cconfigured snort in linux platform. Can anyone tell me where should =
i want to go if i want snort to be configured in logging mode or in =
detecting mode? In which file i have to change this.
>
>Please help me in this.
>
>Regards....
>Mithun.k.s
>
>
>-------------------------------------------------------
>SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
>informative Webcasts and more! Get everything you need to get up to
>speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id=16492&opick
>_______________________________________________
>Snort-users mailing list
>Snort-users@lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/...fo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?listort-users




<http://clients.rediff.com/signature/track_sig.asp> =20


------_=_NextPart_001_01C582FF.CA226410
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">


<META content=3D"MSHTML 6.00.2800.1479" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D699482214-07072005>Hi,</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D699482214-07072005>Is=20
this file in snort .conf to mention the snort is configured in detection =

mode.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2># Command Line =
Options<BR>##=20
--------------------<BR>#<BR>config disable_decode_alerts<BR>config=20
disable_decode_alerts<BR>config =
disable_tcpopt_experimental_alerts<BR>config=20
disable_tcpopt_obsolete_alerts<BR>config disable_tcpopt_alerts<BR>config =

disable_ipopt_alerts<BR><STRONG>config detection: search-method=20
lowmem</STRONG><BR>#</FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2></FONT>&nbsp;</DIV>
<DIV><SPAN class=3D699482214-07072005><FONT face=3DArial color=3D#0000ff =

size=3D2>Regards...</FONT></SPAN></DIV>
<DIV><SPAN class=3D699482214-07072005><FONT face=3DArial color=3D#0000ff =

size=3D2>Mithun.k.s</FONT></SPAN></DIV>
<DIV><FONT face=3DArial><BR><FONT color=3D#0000ff =
size=3D2></FONT></FONT></DIV>
<BLOCKQUOTE>
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Salil D.=20
[mailto:salildumbre@rediffmail.com]<BR><B>Sent:</B> Thursday, July 07, =
2005=20
5:15 PM<BR><B>To:</B> Ks, Mithun (GE Commercial Finance,=20
non-GE)<BR><B>Subject:</B> Re: [Snort-users] Need a =
help<BR><BR></FONT></DIV>
<P> <BR>I had installed snort long time back<BR>you need to check the=20
snort.conf file for configuration details<BR><BR><BR>On Thu, 07 Jul =
2005=20
Ks,Mithun(GE Commercial Finance,non-GE) wrote =
:<BR>&gt;Hello,<BR>&gt;<BR>&gt;I=20
cconfigured snort in linux platform. Can anyone tell me where should i =
want to=20
go if i want snort to be configured in logging mode or in detecting =
mode? In=20
which file i have to change this.<BR>&gt;<BR>&gt;Please help me in=20
=
this.<BR>&gt;<BR>&gt;Regards....<BR>&gt;Mithun.k.s <BR>&gt;<BR>&gt;<BR>&gt=
;-------------------------------------------------------<BR>&gt;SF.Net=20
email is sponsored by: Discover Easy Linux Migration =
Strategies<BR>&gt; from=20
IBM. Find simple to follow Roadmaps, straightforward=20
articles,<BR>&gt;informative Webcasts and more! Get everything you =
need to get=20
up to<BR>&gt;speed, fast.=20
=
http://ads.osdn.com/?ad_idt77&amp;alloc_id=16492&amp;opick<BR>&gt;____ ___=
________________________________________<BR>&gt;Sn ort-users=20
mailing list<BR>&gt;Snort-users@lists.sourceforge.net<BR>&gt;Go to =
this URL to=20
change user options or=20
=
unsubscribe:<BR>&gt;https://lists.sourceforge.net/lists/listinfo/snort-us=
ers<BR>&gt;Snort-users=20
list=20
=
archive:<BR>&gt;http://www.geocrawler.com/redir-sf.php3?listort-users<BR>=
</P><BR><BR><A=20
href=3D"http://clients.rediff.com/signature/track_sig.asp" =
target=3D_blank><IMG=20
hspace=3D0=20
=
src=3D"http://ads.rediff.com/RealMedia/ads/adstream_nx.cgi/www.rediffmail=
..com/inbox.htm@Bottom"=20
border=3D0 NOSEND=3D"1"></A> </BLOCKQUOTE></BODY></HTML>

------_=_NextPart_001_01C582FF.CA226410--


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users