SNORT Users Manual 2.8.6
2. Configuring Snort
Subsections
2.1 Includes
2.1.1 Format
2.1.2 Variables
2.1.3 Config
2.2 Preprocessors
2.2.1 Frag3
2.2.2 Stream5
2.2.3 sfPortscan
2.2.4 RPC Decode
2.2.5 Performance Monitor
2.2.6 HTTP Inspect
2.2.7 SMTP Preprocessor
2.2.8 FTP/Telnet Preprocessor
2.2.9 SSH
2.2.10 DCE/RPC
2.2.11 DNS
2.2.12 SSL/TLS
2.2.13 ARP Spoof Preprocessor
2.2.14 DCE/RPC 2 Preprocessor
2.2.15 Sensitive Data Preprocessor
2.3 Decoder and Preprocessor Rules
2.3.1 Configuring
2.3.2 Reverting to original behavior
2.4 Event Processing
2.4.1 Rate Filtering
2.4.2 Event Filtering
2.4.3 Event Suppression
2.4.4 Event Logging
2.5 Performance Profiling
2.5.1 Rule Profiling
2.5.2 Preprocessor Profiling
2.5.3 Packet Performance Monitoring (PPM)
2.6 Output Modules
2.6.1 alert_syslog
2.6.2 alert_fast
2.6.3 alert_full
2.6.4 alert_unixsock
2.6.5 log_tcpdump
2.6.6 database
2.6.7 csv
2.6.8 unified
2.6.9 unified 2
2.6.10 alert_prelude
2.6.11 log null
2.6.12 alert_aruba_action
2.6.13 Log Limits
2.7 Host Attribute Table
2.7.1 Configuration Format
2.7.2 Attribute Table File Format
2.8 Dynamic Modules
2.8.1 Format
2.8.2 Directives
2.9 Reloading a Snort Configuration
2.9.1 Enabling support
2.9.2 Reloading a configuration
2.9.3 Non-reloadable configuration options
2.10 Multiple Configurations
2.10.1 Creating Multiple Configurations
2.10.2 Configuration Specific Elements
2.10.3 How Configuration is applied?