Re: reg: snort.conf

["Ahmad Masood Shah" <jahil () 66-uetclub com>]

it's depend .... what you wana want to log.. via IDS. I will suggest better
to study FAQs for rules or go through via tut.. on web.

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

----- Original Message ----- 
From: "Rahul" <shadhanker () gmx net>
To: "Erek Adams" <erek () snort org>
Cc: "SnortUsers" <snort-users () lists sourceforge net>
Sent: Wednesday, August 13, 2003 5:02 PM
Subject: Re: [Snort-users] reg: snort.conf


| Thanks to Ahmad and Erek.
| I did as
|  cp etc/*  <pathto-snort/etc>
|  cp rules/* <pathto-snort>/rules
|
| I did the same.
|
| My another Q! is does basic conf will work withotu any modification or
need
| to  ''edit''   conf file before using with "-c".
|
| Thanks and Regards,
| -sadha
|
| > On Tue, 12 Aug 2003, Rahul wrote:
| >
| > [...snip...]
| >
| > > My Q! is there any bug in snort that won't create etc/snort.conf and
| rules
| > > dir under installation path or
| > > do we need to move manually to the installation path?
| >
| > No bug.  It's by design.
| >
| > Install it where you wish, it doesn't matter.  It's as simple as:
| >
| > cp etc/* /opt/etc/snort/
| > cp rules/* /opt/etc/snort/rules
| >
| > Or wherever you want.
| >
| > I personally like something like:
| >
| > /etc/snort/
| > /etc/snort/rules
| > /etc/snort.conf symlinked to /etc/snort/snort.conf
| >
| > That allows you to leave off the -c /path/to/snort.conf on the command
| > line since that's one of the default places that snort will look for a
| > config file.
| >
| > > and no need to use snort.conf file(all available in cmd line options o
f
| > > snort)?
| >
| > *shrug*  It depends on the mode you want.  Snort has three modes:
| >
| > Sniffer
| > Packet Logger
| > NIDS
| >
| > You don't need a snort.conf for the first two, but you need it for the
| > NIDS mode.  Read the Snort manual.  This is documented in the first few
| > paragraphs.  :)  Amazing all the stuff we hide in the docs isn't it?
| >
| > Cheers!
| >
| > -----
| > Erek Adams
| >
| >    "When things get weird, the weird turn pro."   H.S. Thompson
| >
|
|
| ---
| Outgoing mail is certified Virus Free.
| Checked by AVG anti-virus system (http://www.grisoft.com).
| Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
|
|
|
| -------------------------------------------------------
| This SF.Net email sponsored by: Free pre-built ASP.NET sites including
| Data Reports, E-commerce, Portals, and Forums are available now.
| Download today and enter to win an XBOX or Visual Studio .NET.
|
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
| _______________________________________________
| Snort-users mailing list
| Snort-users () lists sourceforge net
| Go to this URL to change user options or unsubscribe:
| https://lists.sourceforge.net/lists/listinfo/snort-users
| Snort-users list archive:
| http://www.geocrawler.com/redir-sf.php3?list=snort-users
|



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users