(I removed the useless extra "?"s from the subject, if this breaks your
threading try using a real MUA)
On 4/15/08 1:36 AM, "Rachmat Hidayat Al-Anshar"
<rachmat_hidayat_02@yahoo.com> wrote:
Hi all.... :)
I just want to know more about this following line on
snort configurations file..
var PREPROC_RULE_PATH ../preproc_rules
what is preprocessor rules are??
and then, since I know that Snort's preprocessor only
use plug-ins for its
process, is it something that I missed about this
"rules" for preprocessor...
Any response supporting this question will greatly
appreciated
Thanks in advance
Rachmat Hidayat Al Anshar
From the ChangeLog:
2007-08-30 Steven Sturges <ssturges@sourcefire.com>
<snip>
Added support to provide action control (alert, drop, pass, etc)
over preprocessor and decoder generated events, as well as references
and classifications via a rule. These rules do not include IP
addresses as the individual preprocessor/decoder configuration
dictates the traffic to which an event applies. In conjunction
with this, certain post-processing rule options (tag, logto, etc)
may be added to those rules, while other options that relate to data
inspection (content, byte_test, etc) may not. Enable via
--enable-decoder-preprocessor-rules option to configure.
Been there for a while.
--
Nigel Houghton
Resident Hooligan
SF VRT
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
