Snort Configurations

["Greg Lane" <greglane () laneconstinc com>]

I'm starting to learn how to tune my Snort install and it is a slow process.
I have alerts like crazy because I know it needs to be tuned and I
especially have a lot of http_inspect alerts coming up.  I've been reading
and from what I can gather if you don't have a websever you may not really
need this in operation or am I wrong?  If I am wrong then what is the best
possible solution for me to cut down most of the alerts which are false
positives so to speak or aren't dangerous at all?  This will probably be one
of many questions concerning configs coming to an email box near you.

 

Greg Lane

IT Manager

Lane Enterprises

 

Email:  greglane () laneconstinc com

Phone: (228)872-2414

 

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users