Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: reg: snort.conf

From: David Alonso De La Vega Tapage <delavegad () bancoaliado com>
Date: Wed, 13 Aug 2003 08:18:09 -0500
MM half and a hlaf .. you need to do minimal configurations to snort.conf .. as your net ( HOME_NET ) and some thigs as DNS, SMTP server .. all is to obtain the specific traffic that you want in other caase you have trought the snort sensor al smtpm requiest and DNS requiest .. etc etc ..
is very easy so put in operation .. with some days you can establish the best config that function for you and your net .. 

Cheers ..

David

Rahul wrote:


Thanks to Ahmad and Erek.
I did as
cp etc/*  <pathto-snort/etc>
cp rules/* <pathto-snort>/rules

I did the same.

My another Q! is does basic conf will work withotu any modification or need
to  ''edit''   conf file before using with "-c".

Thanks and Regards,
-sadha


On Tue, 12 Aug 2003, Rahul wrote:

[...snip...]


My Q! is there any bug in snort that won't create etc/snort.conf and

rules

dir under installation path or
do we need to move manually to the installation path?

No bug.  It's by design.

Install it where you wish, it doesn't matter.  It's as simple as:

cp etc/* /opt/etc/snort/
cp rules/* /opt/etc/snort/rules

Or wherever you want.

I personally like something like:

/etc/snort/
/etc/snort/rules
/etc/snort.conf symlinked to /etc/snort/snort.conf

That allows you to leave off the -c /path/to/snort.conf on the command
line since that's one of the default places that snort will look for a
config file.


and no need to use snort.conf file(all available in cmd line options of
snort)?

*shrug*  It depends on the mode you want.  Snort has three modes:

Sniffer
Packet Logger
NIDS

You don't need a snort.conf for the first two, but you need it for the
NIDS mode.  Read the Snort manual.  This is documented in the first few
paragraphs.  :)  Amazing all the stuff we hide in the docs isn't it?

Cheers!

-----
Erek Adams

  "When things get weird, the weird turn pro."   H.S. Thompson




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: