x
Contents
3.6.34
The uricontent Keyword 
111
3.7 The Snort Configuration File 
112
3.7.1
Using Variables in Rules 
112
3.7.2
The config Directives 
114
3.7.3
Preprocessor Configuration 
116
3.7.4
Output Module Configuration 
116
3.7.5
Defining New Action Types 
117
3.7.6
Rules Configuration 
117
3.7.7
Include Files 
117
3.7.8
Sample snort.conf File 
118
3.8 Order of Rules Based upon Action 
119
3.9 Automatically Updating Snort Rules 
120
3.9.1
The Simple Method 
120
3.9.2
The Sophisticated and Complex Method 
122
3.10 Default Snort Rules and Classes 
125
3.10.1
The local.rules File 
127
3.11 Sample Default Rules 
127
3.11.1
Checking su Attempts from a Telnet Session 
127
3.11.2
Checking for Incorrect Login on Telnet Sessions 
128
3.12 Writing Good Rules 
128
3.13 References 129
 Chapter 4   
Plugins, Preprocessors and Output Modules 
131
4.1 Preprocessors 132
4.1.1
HTTP Decode 
133
4.1.2
Port Scanning 
134
4.1.3
The frag2 Module 
135
4.1.4
The stream4 Module 
136
4.1.5
The spade Module 
137
4.1.6
ARP Spoofing 
138
4.2 Output Modules 
139
4.2.1
The alert_syslog Output Module 
140
4.2.1
The alert_full Output Module 
143
4.2.1
The alert_fast Output Module 
143
4.2.1
The alert_smb Module 
143
4.2.1
The log_tcpdump Output Module 
144
4.2.1
The XML Output Module 
146
4.2.1
Logging to Databases 
150
4.2.1
CSV Output Module 
151






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved