John Galt wrote: > Expect changes when woody freezes: the file you reference is > snort.debian.conf in testing/unstable...snort.conf is a real snort.conf > (more in line with the upstream...)
I see. I've been running on potato (current stable, right?); well, for the machine that directly connected to the Internet. That creates a lot of problem. My desktop always use unstable. But I don't think that it'd be wise to put an unstable machine on the Internet. So that I end up with different releases. Problem is, sometimes Gnome apps wouldn't be run remotely (crashed, to be exact; due to the differences in the libs). > >DEBIAN_SNORT_HOME_NET="192.168.1.x/32" > ^^^^^^^^^^^^^^^^ > Mine shows the routable interface's IP here: is this a munge or your NAT? The machine runs NAT. Actually, I want to monitor both NICs. > >DEBIAN_SNORT_OPTIONS=" -i eth0" > ^^^^ > is eth0 your ISP-connected NIC? No, internal. eth1 is the one that connected to outside. > >DEBIAN_SNORT_STATS_RCPT="root" > ^^^^^ > Change this just on principle: using root to check system email is just > another thing you can do as a user and not have to be logged in as root so > much... Okay. BTW, the "stable" and "unstable" release names are pretty misleading (misinterpreting?), right? I believe that those who happen to read messages on Debian lists (eg: on the archives) would think that there'd be Debian systems that are bound to crash daily. I think changing "unstable" to "development" would be nicer in the eye. Oki
