Snort mailing list archives
Re: Snort
From: Erek Adams <erek () snort org>
Date: Tue, 25 Mar 2003 09:22:28 -0500 (EST)
On Mon, 24 Mar 2003, ryan stangl wrote:
I have a quick question for anyone who can help me. I have snort 1.7 installed and running. I can run the command snort -dvae and get results. I also have a folder named "rules" that has many prewritten rules. How do I, on a windows2000 Server machine, get those rules to run via the command line. Any help will be much appreciated, thanks ryan
First off: UPGRADE! 1.7 is _dead_. There aren't any patches or updates to that code branch. You'll be a _LOT_ better off to move to 1.9.1. You can get the binary for Win32 from here [0]. Once you do that, you'll need to install it. After the install, you'll need to edit the snort.conf file and setup a few things. At the most basic level, you'll need to change your HOME_NET to the network you want to monitor, change your EXTERNAL_NET to what you want to consider the 'outside world'--I suggest you set it as !$HOME_NET. That translates to 'not the IP range that is considered HOME_NET'. You'll also need to change RULES_PATH to the full path of where your 1.9.1 rules are installed. Other than that, there's not much more you should have to change. Granted, you can make other changes, but that's for once you get it running. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://www.snort.org/dl/binaries/win32/snort-1_9_1.exe ------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users