OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Sid (s_i_d_jyahoo.com)
Date: Thu May 03 2001 - 10:50:47 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ----snort.conf-------
    var INTERNAL [x.x.x.x/24,y.y.y.y/16]
    var EXTERNAL any
    var SMTP $INTERNAL
    var HTTP_SERVERS $INTERNAL
    var DNS_SERVERS [a.a.a.a/32,b.b.b.b/32]

    preprocessor minfrag: 256
    preprocessor defrag
    preprocessor stream: timeout 10, ports 21 23 80, maxbytes 16384
    preprocessor http_decode: 80
    preprocessor portscan: $INTERNAL 4 3 portscan.log
    preprocessor portscan-ignorehosts: $DNS_SERVERS

    var SPADEDIR /usr/local/snort/spade
    preprocessor spade: 10.5 $SPADEDIR/spade.rcv $SPADEDIR/log.txt 3 50000
    preprocessor spade-homenet: 202.87.0.0/16
    preprocessor spade-threshlearn: 200 24
    preprocessor spade-survey: $SPADEDIR/survey.txt 60
    preprocessor spade-stats: entropy uncondprob condprob

    output database: alert, mysql, user=root password=xxxx dbname=snort
    host=localhost
    output alert_full: alert
    -------------------------------------------------------------

    cmdline switches :-
    -----------------------
    /usr/local/snort/bin/snort -D -d -C -i hme1 -c
    /usr/local/snort/conf/snort.conf -l /usr/local/snort/log/snort
    -----------------------

    Siddhartha

    ----- Original Message -----
    From: "Fyodor" <fygravetigerteam.net>
    To: "Sid" <s_i_d_jyahoo.com>
    Cc: "Martin Roesch" <roeschsourcefire.com>; <william.c.gerckencensus.gov>;
    "Erek Adams" <erektheadamsfamily.net>; <snort-userslists.sourceforge.net>;
    <snort-users-adminlists.sourceforge.net>
    Sent: Thursday, May 03, 2001 9:05 PM
    Subject: Re: [Snort-users] Memory leak

    > On Thu, May 03, 2001 at 08:43:32PM +0530, Sid wrote:
    > > No guys!!! This is Snort 1.7. On Solaris 2.6/UltraSparc-II (Dual, 1 GB
    RAM).
    > >
    >
    > can we see your snort.conf and cmdline switches if possible? :)

    _________________________________________________________
    Do You Yahoo!?
    Get your free yahoo.com address at http://mail.yahoo.com

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    http://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users