[Excuse me for the very late reaction, please; I was away this weekend.]

On Thu, Oct 26, 2006 at 03:46:45PM -0700, John Draper wrote:
> Joachim Schipper wrote:
> >>I also posted this to the snort users list,  [EMAIL PROTECTED],  but
> >>(sigh) my postings are not making it to the list.   Have they changed
> >>their list mailing address?   I suppose I shouldn't ask that in this
> >>forum,  but if anyone knows the snort mailing list address,  and if
> >>it's different, then I need to know that.
> >
> >I really wouldn't know what snort mailing lists are there, but are you
> >*really* certain that is not just one random guy? A quick Google does
> >suggest so, and does suggest that
> >https://lists.sourceforge.net/lists/listinfo/snort-users might be a good
> >place to start (note the [EMAIL PROTECTED]).
> > 
> I just learned they changed the name of the mailing list,  which
> I joined more than 3 years ago.   I'm still getting mail from
> [EMAIL PROTECTED] but for some reason,  sending mail
> there no longer works,  but I did get a different Email,  and have
> since sent this posting to them as well,  and confirmed it is
> working now.
> 
> I think I've decided to download and test SnortSam and see if it meets
> my needs.  It seems to only support OpenBSD 3.6 (I have 3.8),
> and have joined the SnortSam mailing list so I can direct my questions
> to this list as I start learning it.

Just be sure to install 4.0 before doing any serious work. It shouldn't
be too different, and running an old version is un-fun.

> >Questions are, of course, welcome; that's what this list is for, to a
> >certain extent. However, I can't believe you actually tried to find the
> >answer to the IPTables question before posting. (I could see how one
> >would have trouble finding the answer to the other questions.)
> 
> I might have been looking in the wrong place - sorry!  These
> things happen.

No harm done. I'm sorry, I overreacted a bit.

> >Also, if you had actually taken a look at the port,
> >/usr/ports/net/snort, you'd have noticed the flexresp option (and the
> >lack of inline option, 
>
> I didn't notice it,  because how would I know to look for it?
> I don't even know what a "flexresp" option is....  and yes,
> I agree with you that I should use the ports tree,  but I
> WILL need to build snort from source,  especially if I intend
> to use SnortSam,  because I already looked at their docs,
> and am putting together an installation plan.   I develop this
> plan while I'm reading the archives in the mailing lists,  of
> which I'm focusing on SnortSam right now, and getting it to
> work with OpenBSD's "PF"...  but as I said earlier,  SnortSam
> supports up to ver 3.6 of OpenBSD,  but they only said they
> tested it to that version,  I'm hopeful SnortSam WOULD work
> with the new 3.8.

It should, and probably will.

                Joachim
