Snort mailing list archives

New-bie.. Done this and next what.


From: "Mallik Prasad.S" <S.Mallik.Prasad () celstream com>
Date: Thu, 13 Mar 2003 16:31:18 +0530

Hello Gurus,

My goal is to do IDS for a set of Critical Servers inside the network which
sits on a single cisco switch and net.(around 6-8, windows server, 2 Sun
box, 2 RH-7.3 linux boxes, mail server)

I have been wanting to run Snort in my network since some time.. at last I
found the resources/time/etc... to put this in place.. I have been
successful..in installing Snort/Webmin/ACID/MYSQL. etc. .. RH-linux - 7.3,
Snort1.9.1, Now I start seeing that the ACID Webconsole is giving out only
one error 50 ICMP issues. and nothing else.

I was successful in bringing up Snort using this line.....

/usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf

Another Problem I am finding in the webmin- snort management console..
through the browser when I click on any ruleset is this.....
Rule file cannot be found (/etc/snort/$RULE_PATH/attack-responses.rules)

In the snort.conf the variable set out in the /etc/snort/snort.conf is
that...

RULE_PATH /etc/snort

What are the things.. any catchas - gotchas - or any good..to do... any
thoughts on what to do next and how do I get to the best way of my managing
the IDS effectively and getting the best out of this scenario.

Any thoughts/pointers would be of great help.

Best Regards,
Mallik Prasad S

Celstream Technologies,
#9,Prestige Blue Chip Software Park Block II, 
Hosur Road,(Besides Bangalore Dairy),
Bangalore - 560 029.
Ph: 51191919 Fax: 51191900

mailto:s.mallik.prasad () celstream com
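
An added example, not part of the original post and not code from Snort or Webmin: a small check that reads a snort.conf, expands `var` definitions in each `include` line, and reports which rule files resolve, which are missing on disk, and which still reference a variable no `var` line defined. It handles only the plain `$NAME` form, assumes relative paths are resolved against the directory holding snort.conf, and runs over a constructed sample config (`icmp.rules`, `dos.rules` and `OTHER_PATH` are made-up names).

```python
import os
import re
import tempfile

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")

def expand(value, variables):
    """Substitute $NAME references; unknown names are left as written."""
    return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), value)

def check_includes(conf_path):
    """Return [(path, status)] for every include line in the given config."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables, results = {}, []
    with open(conf_path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0]          # drop comments
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = expand(m.group(2), variables)
                continue
            m = INCLUDE_RE.match(line)
            if not m:
                continue
            path = expand(m.group(1), variables)
            if "$" in path:                      # variable never defined by a var line
                status = "UNDEFINED_VAR"
            else:
                if not os.path.isabs(path):      # assumption: relative to snort.conf
                    path = os.path.join(conf_dir, path)
                status = "OK" if os.path.isfile(path) else "MISSING"
            results.append((path, status))
    return results

def demo():
    """Run the check over a constructed config in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "attack-responses.rules"), "w").close()
        conf = os.path.join(d, "snort.conf")
        with open(conf, "w") as fh:
            fh.write("var RULE_PATH %s\n"              # constructed sample config
                     "include $RULE_PATH/attack-responses.rules\n"
                     "include $RULE_PATH/icmp.rules\n"
                     "include $OTHER_PATH/dos.rules\n" % d)
        return [(os.path.basename(p), s) for p, s in check_includes(conf)]

if __name__ == "__main__":
    for name, status in demo():
        print("%-14s %s" % (status, name))
```

Pointing `check_includes()` at a real configuration file lists every include with its resolved path, which makes an unexpanded `$RULE_PATH` or a wrong rules directory visible at a glance.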

