#
# Snort startup file - used as a container so that the startup script
# need not be changed.
#
# $Id: snort.lib,v 1.4 2000/04/25 17:21:00 arrigo Exp $
#
# This file uses three variables that it does not define itself:
# SNORT_LOG, HOME_NET and SNORT_LIB. They have to be set before this
# file is parsed (presumably by the startup script or by the file that
# includes this one - confirm against the caller).
#
#
# SECTION: LOGGING OPTIONS
#
# Alerts are sent to syslog with facility LOG_AUTHPRIV and priority
# LOG_ALERT; LOG_NDELAY opens the syslog connection immediately.
# NOTE(review): where authpriv messages are stored, and who may read them,
# is decided by the host's syslog configuration, not by this file.
#
output alert_syslog: LOG_AUTHPRIV LOG_ALERT LOG_NDELAY
#
# Packets are logged in tcpdump format to the file named by SNORT_LOG.
#
output log_tcpdump: $(SNORT_LOG)
#
# SECTION: PORTSCAN SUPPORT
#
# Sample line showing the argument order of the portscan preprocessor:
#
#preprocessor portscan: 12.23.34.45/32 3 5 /var/log/snort_portscan.log
#
#   12.23.34.45/32               Your IP address or network here
#   3                            Amount of ports being connected in this interval
#   5                            Interval (in seconds)
#   /var/log/snort_portscan.log  Log file (path/name)
#
# Active setting: monitor HOME_NET and report a source that connects to
# 3 ports within 5 seconds.
# NOTE(review): the portscan log path is hard-coded, unlike the packet log,
# which takes its path from SNORT_LOG. The directory has to exist and be
# writable by the account Snort runs as; it should not be writable by other
# local users, who could otherwise alter or remove scan records.
#
preprocessor portscan: $HOME_NET 3 5 /home/snort/log/portscan.log
#
# Now set the ignorehosts stuff with our local defns enabled.
#
# NOTE(review): the ignore list is the whole of HOME_NET, so scans that
# originate from inside the monitored network are not reported by the
# portscan preprocessor. Scanning from a compromised internal host would
# pass unnoticed here; consider listing only the specific noisy servers
# instead - confirm the intent with the site owner.
#
preprocessor portscan-ignorehosts: $HOME_NET
#
# SECTION: INCLUDE FILES
#
# Rule files are read from the directory named by SNORT_LIB, in the order
# given below; their contents are not visible from this file.
# NOTE(review): these files decide what Snort detects, so the SNORT_LIB
# directory and the files in it should be writable only by the administrator.
#
include: $SNORT_LIB/ultra.lib
include: $SNORT_LIB/latest.lib
include: $SNORT_LIB/catchall.lib