Snort mailing list archives

RE: Help With SnortCenter

From: "Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>
Date: Tue, 27 Jul 2004 22:28:42 -0400

Hi Samuel,
 
 
The rule download URL is located in the config.php file.  Look for the
following lines. 
 
/* URL to snort signature file & references
 * e.g. $snortrules_url = "
<http://www.snort.org/dl/signatures/snortrules-stable.tar.gz>
http://www.snort.org/dl/signatures/snortrules-stable.tar.gz";;
 */
$snortrules_url = "
<http://www.snort.org/dl/rules/snortrules-stable.tar.gz>
http://www.snort.org/dl/rules/snortrules-stable.tar.gz";;

Head over to www.snort.org <http://www.snort.org>  to find the latest URL to
the file if needed and then change the line in the config file to reflect
the current location.
 
To setup polices to push first add a sensor then go through the sensor
config menu options and check off all the items you want to include in the
policy.  Be sure to select the sensor you added from the drop down menu
first before checking off items or you may change a policy for another
sensor instead.
 
Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107
-----Original Message-----
From: McKeeman, Samuel [mailto:smckeeman () ingdirect com]
Sent: July 27, 2004 3:11 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Help With SnortCenter


Hi All,
            I am using snortcenter to manage my sensors and I have run into
a problem that I hope somebody can help me with.  I want to create the
config file to push off to the sensors, but when I click on update from the
internet I do not get anything.  Also the file that can be pushed to the
sensors is empty.  How do I get the file created to hold all of the vars,
preprocessors and outputplugins that I am already currently using on my
other sensors.  I also noticed that you can only select one output plugin.
Is there anyway to have more than one output-plugin.  If anyone could help
me out with setting this stuff up I would greatly appreciate it.
 
Thanks alot
 
 
--Sam McKeeman--
 


This email may contain confidential or privileged information. If you
believe you have received the message in error, please notify the sender and
delete the message without copying or disclosing it.

Current thread:

Help With SnortCenter McKeeman, Samuel (Jul 27)
- <Possible follow-ups>
- RE: Help With SnortCenter Truax, Shawn (MBS) (Jul 27)