thanks, I was being dense, looked through the users manual twice and
didn't see it, but it's at the top of the Config table 2.1. It wasn't
commented in my default snort.conf and there isn't a man for it on my
system it seems...
-h
Hari Sekhon
Matthew Watchinski wrote:
> config order: pass alert log
>
> Hari Sekhon wrote:
>> I wanted to exclude a couple of machine from alerts so I created the
>> rules in local.rules using pass statements. This works if snort is
>> started with the -o switch.
>>
>> The thing is, I'm keeping a central configuration and I can't easily
>> go round to all the machines and guarantee that snort will be run
>> with the -o flag. Really I need to be able to do this inside the
>> config which I deploy.
>>
>> Is it possible to get the same effect inside the configs without
>> doing some sledgehammer thing like disabling those checks? Basically
>> can I put -o inside the snort.conf or something?
>>
>> -h
>>
>
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
|