The Snort Configuration File


115


Table 3 6 Snort config directives (continued)


Directive


Description


umask


Equivalent to  m command line option. Using this option you can set 


the UMASK while running Snort. 


pkt_count


Equivalent to  n command line option. Using this directive you can 


exit from Snort after a defined number of packets. 


nolog


Equivalent to  N command line option. Logging is disabled except 


alerts. Remember, alerts are really both alerts and logs.


obfuscate


Equivalent to  O command line option. It is used to obfuscate IP 


addresses so that you are able to send the logs for analysis to someone 


without disclosing the identity of your network.


no_promisc


Equivalent to  p command line option and is used to disable promiscu 


ous mode.


quiet


Equivalent to  q command line option. This will disable banner infor 


mation at Snort startup time and prevent statistical information from 


being displayed.


chroot


Equivalent to  t command line option. It is used to change root direc 


tory for Snort to a specific directory.


checksum_mode


Used to checksum for particular types of packets. It takes arguments 


such as none, noip, notcp, noicmp, noudp, and all.


set_uid


Equivalent to  u command line option and is used to set user ID for the 


Snort process.


utc


Equivalent to  U command line option and is used to use UTC instead 


of local time in alerts and logs.


verbose


Equivalent to  v command line option. It is used to log messages to 


standard output in addition to standard logging.


dump_payload_verbose


Equivalent to  X command line option. This dumps the received raw 


packet on the standard output.


show_year


Equivalent to  y command line option and is used to display year in the 


timestamp.


stateful


Used to set assurance mode for stream4 preprocessor. Preprocessors 


are discussed in detail in Chapter 4.


You have already seen how the classification directive is used in the classifi 


cation.config file. As another example, the following line is used to start Snort in


the daemon mode.


config daemon


You can also use  D command line option to start Snort in the daemon mode.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved