Snort mailing list archives
New-bie.. Done this and next what.
From: "Mallik Prasad.S" <S.Mallik.Prasad () celstream com>
Date: Thu, 13 Mar 2003 16:31:18 +0530
Hello Gurus,

My goal is to do IDS for a set of critical servers inside the network which sits on a single Cisco switch and net (around 6-8, Windows server, 2 Sun box, 2 RH-7.3 Linux boxes, mail server).

I have been wanting to run Snort in my network for some time. At last I found the resources/time/etc. to put this in place. I have been successful in installing Snort/Webmin/ACID/MySQL etc. on RH-Linux 7.3, Snort1.9.1.

Now I start seeing that the ACID Webconsole is giving out only one error 50 ICMP issues and nothing else.

I was successful in bringing up Snort using this line:

    /usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf

Another problem I am finding in the Webmin Snort management console, through the browser, when I click on any ruleset is this:

    Rule file cannot be found (/etc/snort/$RULE_PATH/attack-responses.rules)

In the snort.conf, the variable set out in /etc/snort/snort.conf is:

    RULE_PATH /etc/snort

What are the things to do, any catches, gotchas, or anything good to do? Any thoughts on what to do next, and how do I get to the best way of managing the IDS effectively and getting the best out of this scenario?

Any thoughts/pointers would be of great help.

Best Regards,
Mallik Prasad S
Celstream Technologies,
#9, Prestige Blue Chip Software Park Block II,
Hosur Road (Besides Bangalore Dairy),
Bangalore - 560 029.
Ph: 51191919
Fax: 51191900
mailto:s.mallik.prasad () celstream com