Snort mailing list archives
Re: snort commands
From: Erek Adams <erek () snort org>
Date: Wed, 6 Aug 2003 11:16:52 -0400 (EDT)
On Wed, 6 Aug 2003, attiq ahmed wrote:
> I have one query about Snort IDS. I want to place Snort IDS in the DMZ and monitor all the traffic in that DMZ. The network address of the DMZ is 10.128.40.0 and I have two network cards in the Snort IDS machine. Please let me know the exact command on Snort to monitor the DMZ traffic. Also let me know what the use of the second network card is (is it required?). I am also using a syslog server; its IP address is 10.128.1.2. Can you please let me know the exact command in Snort to monitor the DMZ traffic of network 10.128.40.0 and also to log it to the syslog server? Also, what is the command if I want to monitor any traffic?
All of your questions are answered in the docs [0]. Please take the time to read them.

You have to edit your snort.conf setting the correct variables for your network. You'll need to have at the very least:

    var HOME_NET 10.128.40.0/24
    var EXTERNAL_NET !$HOME_NET

Then read the section detailing syslog.

    # [Unix flavours should use this format...]
    # output alert_syslog: LOG_AUTH LOG_ALERT

You'd uncomment and change that second line to whatever facility and severity you want.

Since Snort logs to the local syslog, you'll need to change your syslog.conf file to send the messages to the other server. "man syslog.conf" for details.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0] http://www.snort.org/docs/writing_rules/
    http://www.snort.org/docs/FAQ.txt
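The steps in the reply above, worked through as an added example that is not part of the original message: it patches a constructed snort.conf excerpt and derives the matching syslog.conf forwarding rule from the facility and severity on the alert_syslog line. The function names and the sample excerpt are assumptions; the forwarding rule uses the classic syslog.conf `selector<TAB>@host` form.

```shell
#!/bin/sh
DMZ_NET="10.128.40.0/24"    # HOME_NET value given in the reply
SYSLOG_HOST="10.128.1.2"    # remote syslog server named in the question

# Constructed stand-in for the relevant lines of a snort.conf.
sample_snort_conf() {
cat <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
# [Unix flavours should use this format...]
# output alert_syslog: LOG_AUTH LOG_ALERT
EOF
}

# Set the network variables and uncomment the alert_syslog output line.
patch_snort_conf() {
    sed -e "s|^var HOME_NET .*|var HOME_NET $DMZ_NET|" \
        -e 's|^var EXTERNAL_NET .*|var EXTERNAL_NET !$HOME_NET|' \
        -e 's|^# *\(output alert_syslog: .*\)|\1|'
}

# Read a snort.conf on stdin and print the syslog.conf line that forwards
# Snort's alerts: LOG_AUTH LOG_ALERT becomes the selector auth.alert.
# Prints nothing while the output line is still commented out.
syslog_forward_rule() {
    awk -v host="$SYSLOG_HOST" '
    /^output alert_syslog:/ {
        fac = ""; pri = ""
        for (i = 3; i <= NF; i++) {
            name = tolower($i); sub(/^log_/, "", name)
            if (name ~ /^(auth|authpriv|daemon|user|local[0-7])$/) fac = name
            else if (name ~ /^(emerg|alert|crit|err|warning|notice|info|debug)$/) pri = name
        }
        if (fac != "" && pri != "") printf "%s.%s\t@%s\n", fac, pri, host
    }'
}

# Show the patched snort.conf lines, then the line to add to syslog.conf.
sample_snort_conf | patch_snort_conf
sample_snort_conf | patch_snort_conf | syslog_forward_rule
```

The printed rule goes into syslog.conf on the sensor; the selector has to track whatever facility and severity you set on the alert_syslog line, or the alerts stay local.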