Re: a little confusion

[Erek Adams <erek () theadamsfamily net>]

On Tue, 16 Apr 2002, UU/ppp139352 wrote:

> Sorry for a basic basic question, but I've read the docs and I'm confused
> about one point.

Oh, that's OK.  We welcome all with equal sarcasm here. ;-)

> I've installed snort and it came with a number of ".rules" files. I've put
> these in roots home directory /var/private/root/.snortrc/
> Is this the correct place or should the be in /etc/snort/ ?
> Secondly I presume there should be a snort.conf somewhere maybe in /etc?

Well...  That depends.

When snort is started, it looks for a snort.conf file in /etc/snort.conf or in
<homedir>/snort.conf.  If that fails it looks for a <homedir>/.snortrc.

In the current version (1.8.6) of snort.conf it has a new variable RULE_PATH.
You can define that to be anywhere.  I personally like to have all my eggs in
one basket, or at least within the same 'zone' if you will.  Pick one way to
do all of it and stick with it across _all_ sensors.  I can't stress _HOW_
important that is.  :)  "One place to find them, one .conf to bind them."
(With apologies to J.R.R. Tolkien)....

Cheers!  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users