Snort mailing list archives
Re: reg: snort.conf
From: "Ahmad Masood Shah" <jahil () 66-uetclub com>
Date: Wed, 13 Aug 2003 17:30:02 +0500
it's depend .... what you wana want to log.. via IDS. I will suggest better to study FAQs for rules or go through via tut.. on web. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) ----- Original Message ----- From: "Rahul" <shadhanker () gmx net> To: "Erek Adams" <erek () snort org> Cc: "SnortUsers" <snort-users () lists sourceforge net> Sent: Wednesday, August 13, 2003 5:02 PM Subject: Re: [Snort-users] reg: snort.conf | Thanks to Ahmad and Erek. | I did as | cp etc/* <pathto-snort/etc> | cp rules/* <pathto-snort>/rules | | I did the same. | | My another Q! is does basic conf will work withotu any modification or need | to ''edit'' conf file before using with "-c". | | Thanks and Regards, | -sadha | | > On Tue, 12 Aug 2003, Rahul wrote: | > | > [...snip...] | > | > > My Q! is there any bug in snort that won't create etc/snort.conf and | rules | > > dir under installation path or | > > do we need to move manually to the installation path? | > | > No bug. It's by design. | > | > Install it where you wish, it doesn't matter. It's as simple as: | > | > cp etc/* /opt/etc/snort/ | > cp rules/* /opt/etc/snort/rules | > | > Or wherever you want. | > | > I personally like something like: | > | > /etc/snort/ | > /etc/snort/rules | > /etc/snort.conf symlinked to /etc/snort/snort.conf | > | > That allows you to leave off the -c /path/to/snort.conf on the command | > line since that's one of the default places that snort will look for a | > config file. | > | > > and no need to use snort.conf file(all available in cmd line options o f | > > snort)? | > | > *shrug* It depends on the mode you want. Snort has three modes: | > | > Sniffer | > Packet Logger | > NIDS | > | > You don't need a snort.conf for the first two, but you need it for the | > NIDS mode. Read the Snort manual. This is documented in the first few | > paragraphs. :) Amazing all the stuff we hide in the docs isn't it? | > | > Cheers! | > | > ----- | > Erek Adams | > | > "When things get weird, the weird turn pro." H.S. Thompson | > | | | --- | Outgoing mail is certified Virus Free. | Checked by AVG anti-virus system (http://www.grisoft.com). | Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 | | | | ------------------------------------------------------- | This SF.Net email sponsored by: Free pre-built ASP.NET sites including | Data Reports, E-commerce, Portals, and Forums are available now. | Download today and enter to win an XBOX or Visual Studio .NET. | http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 | _______________________________________________ | Snort-users mailing list | Snort-users () lists sourceforge net | Go to this URL to change user options or unsubscribe: | https://lists.sourceforge.net/lists/listinfo/snort-users | Snort-users list archive: | http://www.geocrawler.com/redir-sf.php3?list=snort-users | ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Erek Adams (Aug 12)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 13)
- Re: reg: snort.conf David Alonso De La Vega Tapage (Aug 13)
- Re: reg: snort.conf Erek Adams (Aug 13)
- Re: reg: snort.conf Rahul (Aug 15)
- snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Matt Kettler (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 20)
- Re: snort crash - after sometime in IDS mode(plz reply) Rahul (Aug 20)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)