Snort mailing list archives

AW: (Snort-users) Newbie Question..


From: <sandro.poppi () wacker com>
Date: Wed, 16 Jan 2002 08:05:00 +0100

Morning Edwin,

Hi John,

Thanx for the clarification.

Btw, I would like to view the logs properly in my snort box using some
statistical tools like ACID and SnortSnarf. Is it possible to run these tools
in the same snort box just for testing? I am afraid that it would conflict
with some snort config files.

This works very well on the same machine without interfering with snort. If
you're monitoring more than one segment or your machine is somehow undersized,
it may be better to use a separate PC with those tools and the underlying
database and make snort log to the remote db.

Any suggestion?

You might also want to have a look at my HOWTO at www.linuxdoc.org or
www.lug-burghausen.org/projects/index.html#snort-stat.

Ciao,
Sandro

From: John Sage <jsage () finchhaven com>
To: Edwin Pua <edwin1118 () hotmail com>
CC: bmc () snort org, snort-users () lists sourceforge net
Subject: Re: [Snort-users] Newbie Question..
Date: Tue, 15 Jan 2002 21:17:47 -0800

Edwin:

It seems you're specifying the full path to your snort rules with
/etc/snort/ddos.rules etc etc...

That should work just fine.

The default syntax in snort.conf assumes that when snort is invoked, it
will find snort.conf in the directory which also contains the rules, so
really it's not necessary to specify the path to the rules in
snort.conf, but there shouldn't be any harm in doing so...

How will I enable my snort rules to communicate with snort.conf file
and run in NIDS mode?

hmm.. not sure what you mean by this: I'd say that snort.conf needs to
know where to find the rules, but the rules don't communicate with
snort.conf, so much as with snort itself...


The basic NIDS command line is:

snort -dev -l ./log -h 192.168.1.0/24 -c snort.conf

See: SNORT_USAGE which gets posted to this list once a week...



HTH..


- John

--
The web page you seek
cannot be found here:
countless others await



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
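
A pre-flight check for the rule paths discussed in this thread, added here as an example and not part of any of the posts or of Snort itself. The function name check_includes is hypothetical, and it assumes, following John's description, that a relative include is looked up in the directory that holds snort.conf; a full path such as /etc/snort/ddos.rules is used as written.

```shell
#!/bin/sh
# check_includes CONF
# Prints one line per "include" directive found in CONF:
#   ok <file>       the rules file exists and is readable
#   missing <file>  the rules file cannot be read
#   skipped <path>  the path uses a $variable, which is not expanded here
# Returns 1 if any file is missing, 2 if CONF's directory is unusable.
check_includes() {
    conf=$1
    confdir=$(cd "$(dirname "$conf")" && pwd) || return 2
    status=0
    # "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while read -r keyword path rest || [ -n "$keyword" ]; do
        # Comment lines and other directives do not start with "include".
        [ "$keyword" = "include" ] || continue
        case $path in
            *'$'*) echo "skipped $path"; continue ;;
            /*)    full=$path ;;            # full path, used as written
            *)     full=$confdir/$path ;;   # assumption: relative to snort.conf
        esac
        if [ -r "$full" ]; then
            echo "ok $full"
        else
            echo "missing $full"
            status=1
        fi
    done < "$conf"
    return $status
}

# Usage: sh check_includes.sh /etc/snort/snort.conf
if [ $# -gt 0 ]; then check_includes "$1"; fi
```

Running it before starting snort with -c shows which rule files the configuration would fail to load, whether they are given with a full path or by name only.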



