Snort/Snort ImageStream Variables

From ImageStream Router Documentation

< Snort
Revision as of 22:01, 19 May 2009 by Syoder (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Global Policy Variables

  • SNORT_OPTIONS <option> ...
Additional options to pass to the snort daemon
Example: Set the kernel memory-mapped ring size from 16M (default) to 32M
SNORT_OPTIONS --ringsize 32000000
  • SNORT_BASE_OPTIONS <option> ...
Override the script's default Snort base command options. (Does not work for Sguil mode)
Default options currently are -c ${PKG_CONF} -D where ${PKG_CONF} is the full path to the snort.conf file normally located in /data/snort/etc/snort.conf

Per-Sensor Variables

  • SNORT_IFACE <interface name>
Defines the interface(s) to listen on (Requires 200 MB of RAM per interface)
Example: Set the listening interface to eth0 (Ethernet0)
SNORT_IFACE eth0
Example: Listen on eth0 and eth1
SNORT_IFACE eth0 eth1
  • SNORT_SENSOR_NAME <sensor name> ...
Sets the Sguil sensor name
  • SGUIL_HOST <Hostname or IP> ...
Sets the Sguil server
  • SGUIL_PORT <port> ...
Sets the Sguil server's TCP port (default 7736)
  • SGUIL_NET_GROUP <net group name> ...
Sets the Sguil net group name
  • SNORT_STATS_INTERVAL <interval in seconds> ...
Adds a preprocessor perfmonitor with the given interval for Sguil. Note: If you enable the preprocessor perfmonitor setting in the policy setup that setting will override this one.
Personal tools
Router software releases