Snort mailing list archives
Re: Newbie Question..
From: "Edwin Pua" <edwin1118 () hotmail com>
Date: Wed, 16 Jan 2002 06:36:31 +0000
Hi John,

Thanks for the clarification. Btw, I would like to view the logs properly in my snort box using some statistical tools like ACID and SnortSnarf. Is it possible to run these tools in the same snort box just for testing? I am afraid that it would conflict with some snort config files.
Any suggestion?
From: John Sage <jsage () finchhaven com>
To: Edwin Pua <edwin1118 () hotmail com>
CC: bmc () snort org, snort-users () lists sourceforge net
Subject: Re: [Snort-users] Newbie Question..
Date: Tue, 15 Jan 2002 21:17:47 -0800

Edwin:

It seems you're specifying the full path to your snort rules with /etc/snort/ddos.rules etc etc...

That should work just fine.

The default syntax in snort.conf assumes that when snort is invoked, it will find snort.conf in the directory which also contains the rules, so really it's not necessary to specify the path to the rules in snort.conf, but there shouldn't be any harm in doing so...

> How will i enable my snort rules to communicate with snort.conf file
> and run in NIDS mode?

hmm.. not sure what you mean by this: I'd say that snort.conf needs to know where to find the rules, but the rules don't communicate with snort.conf, so much as with snort itself...

The basic NIDS command line is:

snort -dev -l ./log -h 192.168.1.0/24 -c snort.conf

See: SNORT_USAGE which gets posted to this list once a week...

HTH..

- John
--
The web page you seek cannot be found here: countless others await
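John's point about where snort.conf finds its rule files, as an added example that is not part of the original thread: a shell function that checks every include line of a snort.conf-style file before snort is started. The name check_includes is hypothetical, and the script assumes a relative include path is resolved against the directory holding the configuration file; include targets that contain a $variable are reported but not expanded.

```shell
#!/bin/sh
# Added example (not from the thread). check_includes is a hypothetical helper.
# Assumption: a relative "include" path is resolved against the directory that
# holds the configuration file; an absolute path is used exactly as written.

check_includes() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    conf_dir=$(cd "$(dirname "$conf")" && pwd) || return 2
    missing=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r keyword target rest || [ -n "$keyword" ]; do
        # Comment lines start with "#", so they never match "include".
        [ "$keyword" = "include" ] || continue
        case $target in
            '')   continue ;;
            *\$*) echo "SKIP    $target (variable not expanded)"; continue ;;
            /*)   path=$target ;;              # e.g. /etc/snort/ddos.rules
            *)    path=$conf_dir/$target ;;    # e.g. ddos.rules beside snort.conf
        esac
        if [ -r "$path" ]; then
            echo "OK      $path"
        else
            echo "MISSING $path"
            missing=$((missing + 1))
        fi
    done < "$conf"
    # Exit status 0 only when every checked include target is readable.
    [ "$missing" -eq 0 ]
}

# Stand-alone use: sh check_includes.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then
    check_includes "$1"
fi
```

A MISSING line for a relative path usually means snort.conf was moved or copied away from the directory that holds the rules.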