Re: [Snort-users] multiple port variable fun
This is a discussion on Re: [Snort-users] multiple port variable fun within the Snort forums, part of the System Security and Security Related category; --===============0962800257== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Cu7O56kffD5qePctOwHY" --=-Cu7O56kffD5qePctOwHY Content-...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-25-2007
|
|||
|
|||
Re: [Snort-users] multiple port variable fun
--===============0962800257== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Cu7O56kffD5qePctOwHY" --=-Cu7O56kffD5qePctOwHY Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2007-07-04 at 09:17 +0200, Jeffrey Denton wrote: > On 7/3/07, Ryan Hudson <ryan@mydingo.net.au> wrote: > > Do you mean put that in snort.conf? Because when i tried that it just > > thought you were reading the same rules files multiple times and failed= as > > the same pid's were being used multiple times. And the http_ports varia= ble > > was over-written 3 times. > > > Yeap, the SIDs will cause problems. Barnyard and Oinkmaster wouldn't > play nice either. One possible solution is to create separate rules > files for each port. This looks ugly... Really? Never had a problem with that. Just created a small test file with a duplicate rule, but changed ports. Snort reads both rules without a complaint. What version of Snort are you using that causes that error? Or is the error caused by some third party app? Regards, Frank --=20 It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports. --=-Cu7O56kffD5qePctOwHY Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQBGppJkjt2fjCi9PsERAoW0AJ0RWErXk1evZLs1zEKk5m Tetg8sQgCeMw7k Sp4mxpnSibGSJQ2lmgkyT5g= =da+U -----END PGP SIGNATURE----- --=-Cu7O56kffD5qePctOwHY-- --===============0962800257== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ --===============0962800257== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users --===============0962800257==-- 
|
Linear Mode
