Snort/Snort ImageStream Variables
From ImageStream Router Documentation
< Snort
Global Policy Variables
- SNORT_OPTIONS <option> ...
- Additional options to pass to the snort daemon
- Example: Set the kernel memory-mapped ring size from 16M (default) to 32M
- SNORT_OPTIONS --ringsize 32000000
- SNORT_BASE_OPTIONS <option> ...
- Override the script's default Snort base command options. (Does not work for Sguil mode)
- Default options currently are -c ${PKG_CONF} -D where ${PKG_CONF} is the full path to the snort.conf file normally located in /data/snort/etc/snort.conf
Per-Sensor Variables
- SNORT_IFACE <interface name>
- Defines the interface(s) to listen on (Requires 200 MB of RAM per interface)
- Example: Set the listening interface to eth0 (Ethernet0)
- SNORT_IFACE eth0
- Example: Listen on eth0 and eth1
- SNORT_IFACE eth0 eth1
- SNORT_SENSOR_NAME <sensor name> ...
- Sets the Sguil sensor name
- SGUIL_HOST <Hostname or IP> ...
- Sets the Sguil server
- SGUIL_PORT <port> ...
- Sets the Sguil server's TCP port (default 7736)
- SGUIL_NET_GROUP <net group name> ...
- Sets the Sguil net group name
- SNORT_STATS_INTERVAL <interval in seconds> ...
- Adds a preprocessor perfmonitor with the given interval for Sguil. Note: If you enable the preprocessor perfmonitor setting in the policy setup that setting will override this one.
