blob: 3ac53f68e54f55610449b2c1d4fa7545404167a5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
# Conf file for the log_packets script
# Make sure you verify the location of
# each of the binaries on your OS
HOSTNAME="myhost"
# Path to snort binary
SNORT_PATH="/usr/local/bin/snort"
# Directory to log pcap data to (date dirs will be created in here)
# Note: The path $HOSTNAME/dailylogs, will be appended to this.
LOG_DIR="/snort_data"
# Percentage of disk to try and maintain
MAX_DISK_USE=90
# Interface to 'listen' to.
INTERFACE="eth0"
# Other options to use when starting snort
#OPTIONS="-u sguil -g sguil -m 122"
# Where to store the pid
PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
# How do we run ps
PS="ps awx"
# Where is grep
GREP="/usr/bin/grep"
#Add BPFs here.
#The below is an example of a filter for ignoring outbound HTTP from my network
# to the world.
#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
#Some installs may need these
#LD_LIBRARY_PATH=/usr/local/lib/mysql
#export LD_LIBRARY_PATH
|
