Snort mailing list archives

Re: snort commands


From: Erek Adams <erek () snort org>
Date: Wed, 6 Aug 2003 11:16:52 -0400 (EDT)

On Wed, 6 Aug 2003, [iso-8859-1] attiq ahmed wrote:

I have one query about snort ids. I want to place snort ids in dmz and
monitor all the traffic in that dmz. The network address of the dmz is
10.128.40.0 and I have two network cards in the snort ids machine.

Please let me know the exact command on snort to monitor the dmz
traffic. And also let me know what is the use of the second network card (is
it required).

And also I am using a syslog server; the IP address is 10.128.1.2. Can you
please let me know the exact command in snort to monitor the dmz traffic
of network 10.128.40.0 and also to log it to syslog server.

And also, what is the command if I want to monitor any traffic?

All of your questions are answered in the docs [0].  Please take the time
to read them.

You have to edit your snort.conf setting the correct variables for your
network.  You'll need to have at the very least:

        var HOME_NET 10.128.40.0/24
        var EXTERNAL_NET !$HOME_NET

Then read the section detailing syslog.

        # [Unix flavours should use this format...]
        # output alert_syslog: LOG_AUTH LOG_ALERT

You'd uncomment and change that second line to whatever facility and
severity you want.  Since Snort logs to the local syslog, you'll need to
change your syslog.conf file to send the messages to the other server.
"man syslog.conf" for details.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.snort.org/docs/writing_rules/
        http://www.snort.org/docs/FAQ.txt
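
The pieces described in the reply above, put together as an added example (not part of the original message, and not taken from the Snort documentation). The addresses come from the thread; the interface name eth1, the path /etc/snort/snort.conf and the classic syslog.conf syntax on the sensor are assumptions.

```conf
# --- snort.conf (Snort 2.x syntax, as in the reply above) ---
var HOME_NET 10.128.40.0/24
var EXTERNAL_NET !$HOME_NET

# Alerts go to the local syslog daemon with facility "auth", severity "alert".
output alert_syslog: LOG_AUTH LOG_ALERT

# --- /etc/syslog.conf on the sensor (classic BSD/sysklogd syntax) ---
# Selector is <facility>.<severity>, so LOG_AUTH + LOG_ALERT becomes auth.alert.
# "@host" forwards matching messages to that host over UDP port 514.
# Separate selector and action with tabs; some syslogd versions reject spaces.
auth.alert	@10.128.1.2

# --- on the sensor, after editing both files ---
# Reload syslogd so it picks up the new rule (it re-reads its config on SIGHUP),
# then start Snort on the DMZ-facing interface.
# ASSUMPTIONS: eth1 and /etc/snort/snort.conf are placeholders, not from the thread.
#   kill -HUP <pid of syslogd>
#   snort -c /etc/snort/snort.conf -i eth1 -D
```

The syslog daemon on 10.128.1.2 must also be set to accept messages from the network (sysklogd, for example, needs to be started with -r). Classic UDP syslog is unauthenticated and unencrypted, so the alerts cross the network in the clear and the path between sensor and log server should be a trusted segment.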

