114
Chapter 3     Working with Snort Rules
3.7.2
The config Directives
The config directives in the snort.conf file allow a user to configure many
general settings for Snort. Examples include the location of log files, the order of apply 
ing rules and so on. These directives can be used to replace many command line options
as well. The general format of applying a config directive is as follows:
config directive_name[: value]
Table 3 6 shows a list of directives used in the snort.conf file.
Table 3 6 Snort config directives
Directive
Description
order
Changes the order in which rules are applied. It is equivalent to the  o 
command line option. 
alertfile
Used to set the name of the alert file. Alert file is created in log direc 
tory (see logdir directive).
classification
Builds classification for rules. See explanation of the classtype key 
word used in rules.
decode_arp
Equivalent to  a command line option. It turns ON arp decoding.
dump_chars_only
Equivalent  C command line option.
dump_payload
Equivalent to  d command line option. It is used to dump the data part 
of the packet.
decode_data_link
Equivalent to  e command line option. Using this directive you can 
decode data link layer headers (Ethernet header, for example).
bpf_file
Equivalent to  F command line option.
set_gid
Equivalent to  g command line option. Using this directive you can set 
the group ID under which Snort runs. For example, you can use  config 
set_gid: mygroup 
daemon
Equivalent to  D command line option. It invokes Snort as daemon 
instead of foreground process.
reference_net
Equivalent to  h command line option. It sets the home network address.
interface
Equivalent to  i command line option. It sets the interface for Snort.
alert_with_interface_name
Equivalent to  T command line option. This directive is used to append 
the interface name to the alert message. This is sometimes useful if you 
are monitoring multiple interfaces on the same sensor.
logdir
Equivalent to  l command line option. It sets the directory where Snort 
logs data. The default location of the log directory is /var/log/
snort.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved