Snort mailing list archives
Re: reg: snort.conf
From: David Alonso De La Vega Tapage <delavegad () bancoaliado com>
Date: Wed, 13 Aug 2003 08:18:09 -0500
MM half and a hlaf .. you need to do minimal configurations to snort.conf .. as your net ( HOME_NET ) and some thigs as DNS, SMTP server .. all is to obtain the specific traffic that you want in other caase you have trought the snort sensor al smtpm requiest and DNS requiest .. etc etc ..
is very easy so put in operation .. with some days you can establish the best config that function for you and your net ..
Cheers .. David Rahul wrote:
Thanks to Ahmad and Erek. I did as cp etc/* <pathto-snort/etc> cp rules/* <pathto-snort>/rules I did the same. My another Q! is does basic conf will work withotu any modification or need to ''edit'' conf file before using with "-c". Thanks and Regards, -sadhaOn Tue, 12 Aug 2003, Rahul wrote: [...snip...]My Q! is there any bug in snort that won't create etc/snort.conf andrulesdir under installation path or do we need to move manually to the installation path?No bug. It's by design. Install it where you wish, it doesn't matter. It's as simple as: cp etc/* /opt/etc/snort/ cp rules/* /opt/etc/snort/rules Or wherever you want. I personally like something like: /etc/snort/ /etc/snort/rules /etc/snort.conf symlinked to /etc/snort/snort.conf That allows you to leave off the -c /path/to/snort.conf on the command line since that's one of the default places that snort will look for a config file.and no need to use snort.conf file(all available in cmd line options of snort)?*shrug* It depends on the mode you want. Snort has three modes: Sniffer Packet Logger NIDS You don't need a snort.conf for the first two, but you need it for the NIDS mode. Read the Snort manual. This is documented in the first few paragraphs. :) Amazing all the stuff we hide in the docs isn't it? Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Erek Adams (Aug 12)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 13)
- Re: reg: snort.conf David Alonso De La Vega Tapage (Aug 13)
- Re: reg: snort.conf Erek Adams (Aug 13)
- Re: reg: snort.conf Rahul (Aug 15)
- snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Matt Kettler (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 20)
- Re: snort crash - after sometime in IDS mode(plz reply) Rahul (Aug 20)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)