SNORT Users Manual 2.9.16

2. Configuring Snort
Subsections

2.1 Includes
    2.1.1 Format
    2.1.2 Variables
    2.1.3 Config
2.2 Preprocessors
    2.2.1 Frag3
    2.2.2 Session
    2.2.3 Stream
    2.2.4 sfPortscan
    2.2.5 RPC Decode
    2.2.6 Performance Monitor
    2.2.7 HTTP Inspect
    2.2.8 SMTP Preprocessor
    2.2.9 POP Preprocessor
    2.2.10 IMAP Preprocessor
    2.2.11 FTP/Telnet Preprocessor
    2.2.12 SSH
    2.2.13 DNS
    2.2.14 SSL/TLS
    2.2.15 ARP Spoof Preprocessor
    2.2.16 DCE/RPC 2 Preprocessor
    2.2.17 Sensitive Data Preprocessor
    2.2.18 Normalizer
    2.2.19 SIP Preprocessor
    2.2.20 Reputation Preprocessor
    2.2.21 GTP Decoder and Preprocessor
    2.2.22 Modbus Preprocessor
    2.2.23 DNP3 Preprocessor
    2.2.24 AppId Preprocessor
2.3 Decoder and Preprocessor Rules
    2.3.1 Configuring
    2.3.2 Reverting to original behavior
2.4 Event Processing
    2.4.1 Rate Filtering
    2.4.2 Event Filtering
    2.4.3 Event Suppression
    2.4.4 Event Logging
    2.4.5 Event Trace
2.5 Performance Profiling
    2.5.1 Rule Profiling
    2.5.2 Preprocessor Profiling
    2.5.3 Packet Performance Monitoring (PPM)
2.6 Output Modules
    2.6.1 alert_syslog
    2.6.2 alert_fast
    2.6.3 alert_full
    2.6.4 alert_unixsock
    2.6.5 log_tcpdump
    2.6.6 csv
    2.6.7 unified 2
    2.6.8 log null
    2.6.9 Log Limits
2.7 Host Attribute Table
    2.7.1 Rule evaluation
    2.7.2 Snort Configuration
    2.7.3 Host Attribute Table File Format
    2.7.4 Attribute Table Example
    2.7.5 Attribute Table Effect on preprocessors
2.8 Dynamic Modules
    2.8.1 Format
    2.8.2 Directives
2.9 Reloading a Snort Configuration
    2.9.1 Enabling support
    2.9.2 Reloading a configuration
    2.9.3 Non-reloadable configuration options
2.10 Multiple Configurations
    2.10.1 Creating Multiple Configurations
    2.10.2 Configuration Specific Elements
    2.10.3 How Configuration is applied?
2.11 Active Response
    2.11.1 Enabling Active Response
    2.11.2 Configure Sniping
    2.11.3 Flexresp
    2.11.4 React
    2.11.5 Rule Actions