Snort mailing list archives
Re: Snort configuration
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Sat, 11 Jun 2016 11:53:01 +0000
That is because you are running snort in sniffer mode and not IDS mode. Checkout the overview section of the manual. http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node2.html Albert Lewis QA SNORT/Sourcefire SOURCEfire, Inc. now part of Cisco 9780 Patuxent Woods Drive Columbia, MD 21046 Phone: (office) 443.430.7112 Email: allewi () cisco com From: Velusami, Selvi [mailto:selvi.velusami () verizon com] Sent: Friday, June 10, 2016 5:00 PM To: snort-users () lists sourceforge net Cc: Selvi Velusami Subject: [Snort-users] Snort configuration Hi, I am very new to snort and I need to configure the same to our VM environment. Please find below my environment details 1. Snort is installed on a centos OS with two networks in VM environment 2. Downloaded the snort.rules from snort.org 3. I have modified the below parameters in the snort.conf file and set the path to /etc/snort/rules a. RULE_PATH b. SO_RULE_PATH c. PREPROC_RULE_PATH d. WHITE_LIST_PATH e. BLACK_LIST_PATH 4. After these things when I issue the command snort -v , I am getting the below messages. "No Preprocessors configured for policy 0" I am sure that I am missing a big stuff here. Any pointers or configuration help to configure the same will be much appreciated. Thanks, Selvi.V
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort configuration Velusami, Selvi (Jun 10)
- Re: Snort configuration Al Lewis (allewi) (Jun 11)