| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: 3.1 How do I Up: The Snort FAQ Previous: 2.15 What is the
3 Configuring Snort
Subsections
- 3.1 How do I setup snort on a `stealth' interface?
- 3.2 How do I setup a receive-only ethernet cable?
- 3.3 What are HOME_NET and EXTERNAL_NET?
- 3.4 My network spans multiple subnets. How do I define HOME_NET?
- 3.5 How do I set EXTERNAL_NET?
- 3.6 How can I run Snort on multiple interfaces simultaneously?
- 3.7 My IP address is assigned dynamically to my interface, can I use Snort with it?
- 3.8 I have one network card and two aliases, how can I force Snort to ``listen'' on both addresses?
- 3.9 How do I ignore traffic coming from a particular host or hosts?
- 3.10 How do I get Snort to log the packet payload as well as the header?
- 3.11 Why are there no subdirectories under /var/log/snort for IP addresses?
- 3.12 How do you get Snort to ignore some traffic?
- 3.13 Why does the portscan plugin log ``stealth'' packets even though the host is in the portscan-ignorehosts list?
- 3.14 What the heck is a ``Stealth scan''?
- 3.15 What the heck is a SYNFIN scan?
- 3.16 Which takes precedence, commandline or rule file ?
- 3.17 How does rule ordering work?
- 3.18 How do I configure stream4?
- 3.19 Where does one obtain new/modifed rules? How do you merge them in?
- 3.20 How do you get the latest Snort via cvs?
- 3.21 How do I use a remote syslog machine?
- 3.22 How do I build this ACID thing?
| Terms of Use | Privacy Policy | forum archives | site feedback ©2009 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |