var HOME_NET [192.168.10.0/24]
var EXTERNAL_NET any
var DNS_SERVERS [192.168.10.1,192.168.10.2]
var SMTP_SERVERS [192.168.10.1,192.168.11.1]
var HTTP_SERVERS [192.168.10.1,192.168.11.1]
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.16 1.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
var RULE_PATH /etc/snort/rules
output alert_syslog: LOG_AUTH LOG_ALERT
include classification.config
include reference.config
include $RULE_PATH/local.rules
...
include $RULE_PATH/experimental.rules