
snort 2.9.9.0.2 config files check

Posted by Roadrunnere42 on Sep 01, 2017; 8:54am
URL: https://itus.accessinnov.com/snort-2-9-9-0-2-config-files-check-tp1478.html

Hi user8446

Can you please check these snort and snort7 config files to see if I have made any mistakes, because I released the new fw_upgrade update with the new snort package (did not include snort8.conf).
The concern I have is with snort 7/8 in router mode with the trojan list enabled: should it be

config detection: search-method ac-split search-optimize max-pattern-len 18  no_stream_inserts

or

config detection: search-method ac-nq split-any-any search-optimize max-pattern-len 18 no_stream_inserts


I have included both files, if you could look them over and let me know if all is correct or give your suggestions.

Also, which lines need to be commented out for each conf file?

include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules




snort7.conf

snort_bridge.conf

The new snort version seems to work OK, but on installing it deletes the file
/use/lib/daq/daq_nfq.so because it's obsolete.

Yet without it snort does not work. I copied the file back and all is working fine again. Do you know of a way to configure snort to work without the file, as I believe that snort now has ngq built in and does not use the library file?

Thanks

Roadrunnere42