SNORT Users Manual 2.9.4
Configuring Snort
Subsections
Includes
Format
Variables
IP Variables and IP Lists
Port Variables and Port Lists
Variable Modifiers
Limitations
Config
Format
Preprocessors
Frag3
Frag 3 Configuration
Format
Basic Configuration
Advanced Configuration
Frag 3 Alert Output
Stream5
Transport Protocols
Target-Based
Stream API
Anomaly Detection
Protocol Aware Flushing
Stream5 Global Configuration
Stream5 TCP Configuration
Stream5 UDP Configuration
Stream5 ICMP Configuration
Stream5 IP Configuration
Example Configurations
sfPortscan
sfPortscan Configuration
Format
Example
sfPortscan Alert Output
Unified Output
Log File Output
Tuning sfPortscan
RPC Decode
Format
Performance Monitor
Examples
HTTP Inspect
Global Configuration
Format
Configuration
Example Global Configuration
Server Configuration
Default
Example Default Configuration
Configuration by IP Address
Example IP Configuration
Configuration by Multiple IP Addresses
Example Multiple IP Configuration
Server Configuration Options
Example
Examples
SMTP Preprocessor
Configuration
Example
Default
Note
POP Preprocessor
Configuration
Example
Default
IMAP Preprocessor
Configuration
Example
Default
FTP/Telnet Preprocessor
Global Configuration
Format
Configuration
Example Global Configuration
Telnet Configuration
Format
Configuration
Example Telnet Configuration
FTP Server Configuration
Default
Example Default FTP Server Configuration
Configuration by IP Address
Example IP specific FTP Server Configuration
FTP Server Configuration Options
FTP Server Base Configuration Options
FTP Client Configuration
Default
Example Default FTP Client Configuration
Configuration by IP Address
Example IP specific FTP Client Configuration
FTP Client Configuration Options
Examples/Default Configuration from snort.conf
SSH
Configuration
Example Configuration from snort.conf
DNS
Configuration
Examples/Default Configuration from snort.conf
SSL/TLS
Configuration
Examples/Default Configuration from snort.conf
Rule Options
ARP Spoof Preprocessor
Format
Example Configuration
DCE/RPC 2 Preprocessor
Dependency Requirements
Target Based
Configuration
Events
Rule Options
Sensitive Data Preprocessor
Dependencies
Preprocessor Configuration
Rule Options
Normalizer
IP4 Normalizations
IP6 Normalizations
ICMP4/6 Normalizations
TCP Normalizations
TTL Normalization
SIP Preprocessor
Dependency Requirements
Configuration
Events
Rule Options
Reputation Preprocessor
Configuration
Events
Shared memory support
GTP Decoder and Preprocessor
Dependency Requirements
GTP Data Channel Decoder Configuration
GTP Control Channel Preprocessor Configuration
GTP Decoder Events
GTP Preprocessor Events
Rule Options
Modbus Preprocessor
Dependency Requirements
Preprocessor Configuration
Rule Options
Preprocessor Events
DNP3 Preprocessor
Dependency Requirements
Preprocessor Configuration
Rule Options
Preprocessor Events
Decoder and Preprocessor Rules
Configuring
Reverting to original behavior
Event Processing
Rate Filtering
Format
Examples
Event Filtering
Format
Examples
Event Suppression
Format
Examples
Event Logging
Event Queue Configuration Options
Event Queue Configuration Examples
Performance Profiling
Rule Profiling
Format
Examples
Output
Preprocessor Profiling
Format
Examples
Output
Packet Performance Monitoring (PPM)
Configuration
Examples
Sample Snort Output
Implementation Details
Output Modules
alert_syslog
Available Keywords
Facilities
Priorities
Options
Format
Example
alert_fast
Format
Example
alert_full
Format
Example
alert_unixsock
Format
Example
log_tcpdump
Format
Example
csv
Format
Example
unified
Format
Example
unified 2
Format
Example
Extra Data Configurations
Reading Unified2 Files
U2SpewFoo
U2Boat
log null
Format
Example
Log Limits
Host Attribute Table
Configuration Format
Attribute Table File Format
Attribute Table Example
Attribute Table Affect on preprocessors
Attribute Table Affect on rules
Dynamic Modules
Format
Directives
Reloading a Snort Configuration
Enabling support
Reloading a configuration
Non-reloadable configuration options
Multiple Configurations
Creating Multiple Configurations
Configuration Specific Elements
Config Options
Rules
Variables
Preprocessors
Events and Output
How Configuration is applied?
Active Response
Enabling Active Response
Configure Sniping
Flexresp
React
Rule Actions
Eugene Misnik 2013-05-08