Snort mailing list archives
Re: a little confusion
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 17 Apr 2002 00:26:53 -0700 (PDT)
On Tue, 16 Apr 2002, UU/ppp139352 wrote:
Sorry for a basic basic question, but I've read the docs and I'm confused about one point.
Oh, that's OK. We welcome all with equal sarcasm here. ;-)
I've installed snort and it came with a number of ".rules" files. I've put these in roots home directory /var/private/root/.snortrc/ Is this the correct place or should the be in /etc/snort/ ? Secondly I presume there should be a snort.conf somewhere maybe in /etc?
Well... That depends. When snort is started, it looks for a snort.conf file in /etc/snort.conf or in <homedir>/snort.conf. If that fails it looks for a <homedir>/.snortrc. In the current version (1.8.6) of snort.conf it has a new variable RULE_PATH. You can define that to be anywhere. I personally like to have all my eggs in one basket, or at least within the same 'zone' if you will. Pick one way to do all of it and stick with it across _all_ sensors. I can't stress _HOW_ important that is. :) "One place to find them, one .conf to bind them." (With apologies to J.R.R. Tolkien).... Cheers! :) ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- a little confusion UU/ppp139352 (Apr 16)
- Re: a little confusion Erek Adams (Apr 17)