Snort mailing list archives

RE: Snort questions


From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Mon, 5 Jul 2004 10:23:41 -0500

Most of your questions will be answered by the install guides on the
snort.org website.  I wrote one for Redhat 9, and have updates for Fedora
Core 1 (it will work with Core 2 if you use the RPMs at the site I mention
on my docs page).  The RPMs are very stable; I have had no problems with
them.  Openaanval does some decent reporting (the install is included as
part of my Core 1 install doc) and you will find other front ends on the
snort.org site.  I use oinkmaster to update; I have it set to check every day, or
you can just run it as you desire.  It is a Perl script, so make sure you
have Perl installed (most Linux systems do).  I update snort as soon as I
test it on a test box and make sure it does not break my installs.  Hope
that helps.



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
  

 
Hi,

I have the following questions. Hope that would help many people out there.

where can I get the names and versions of all the software (e.g. libpcap)
required by snort ? 
It is mentioned that snort has a 'very small footprint' what is the size of
the footprint ? 
whether snort RPMs are stable and what are the pros and cons of using RPM
over compiling from source ? 
how to prepare reports from snort logs ? 
what is the best method of rules updation ? 
how frequently do I need to upgrade snort ? 
any suggestions for backup strategy ? 

regards, 

shashank


