Snort mailing list archives

RE: getting started how to ..help


From: Erwin () fox-it com
Date: Thu, 23 Aug 2001 16:25:30 +0200

Hi,
 
Maybe u should start up with the following:
 
"snort -dvi rl1 -c snort.conf "
 
Where rl1 is the network interface u want snort to check the traffic from.
The snort.conf file u can leave at the default settings for now. In this
setup snort should at least do something (u should see some traffic flowing
by). If u then use a ping from an outside machine to an inside one, u should
trigger a ping signature and see that it works. After that it's all
fine-tuning.
 
Also make the /var/log/snort/ directory where the snort logs go to.
 
Hope to have been of some help. I am also new to snort, so I'm also still
learning. But this worked for me.
 
- --- 
Erwin Fok                       t  015 - 21 21 907 
Fox-IT Forensic IT Experts      f  015 - 21 21 964 
Oude Delft 47                   e  erwin () fox-it com 
2611 BC  Delft                  i  www.fox-it.com 

-----Original message-----
From: brentb [mailto:brentb () loa com]
Sent: Thursday 23 August 2001 14:47
To: 'snort-users'
Subject: [Snort-users] getting started how to ..help


I currently have Snort 1.7 installed on my BSD machine which is a gateway
machine for my internal network...When I start snort by doing:
 
# /usr/local/bin/snort -d -h 192.168.0.0/24 -l /var/log/snort.log -c /usr/local/etc/snort.conf &
 
or by starting it from /etc/rc.conf at boot time...it runs ..as I can see
the process running with "ps -aux"
BUT it doesn't seem to do anything ..I've tested it by scanning the BSD box
from another machine out on the internet (from my work)
and I see nothing from snort ...no mail ...no syslog ..no warnings of port
scans...Nothing...
I have followed the README & INSTALL files ..(which are the same howto's
found on Snort's website) and they are pretty vague...
Is there a walk thru or an example that I can follow somewhere ...or can
someone just give a clue ??
Any help is GREATLY appreciated
 
thanx
B
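
A preflight check for the setup discussed in this thread, as an added example that is not part of either post and not Snort project code: it verifies that the path given to `-l` exists as a directory and that the file given to `-c` has at least one active rule or include line, then prints the foreground test command. The function names and the paths used with them are assumptions for illustration.

```shell
#!/bin/sh
# Added example: checks to run before starting Snort for a first test.
# snort_preflight and snort_cmd are hypothetical helper names.

# snort_preflight LOGDIR CONF
# Prints one line per problem found; return status is the problem count.
snort_preflight() {
    logdir=$1
    conf=$2
    problems=0

    # -l names a log directory; the reply above says to create it first.
    if [ ! -e "$logdir" ]; then
        echo "log directory missing: $logdir (mkdir -p it first)"
        problems=$((problems + 1))
    elif [ ! -d "$logdir" ]; then
        echo "log path exists but is not a directory: $logdir"
        problems=$((problems + 1))
    elif [ ! -w "$logdir" ]; then
        echo "log directory not writable by this user: $logdir"
        problems=$((problems + 1))
    fi

    # -c must be readable and contain something that can fire:
    # an alert/log rule, or an include line pulling in rule files.
    if [ ! -r "$conf" ]; then
        echo "config not readable: $conf"
        problems=$((problems + 1))
    elif ! grep -Eq '^[[:space:]]*(alert|log|include)[[:space:]]' "$conf"; then
        echo "no active alert/log/include line in: $conf"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# snort_cmd IFACE LOGDIR CONF
# Prints the foreground command: -v shows packets on the console, so a
# ping from another host is visible immediately instead of failing silently.
snort_cmd() {
    printf 'snort -dvi %s -l %s -c %s\n' "$1" "$2" "$3"
}

# Usage: snort_preflight /var/log/snort snort.conf && snort_cmd rl1 /var/log/snort snort.conf
```
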

