Re: Help on fresh snort...

[Joel Esler <jesler () sourcefire com>]

Self plug:

http://blog.joelesler.net/2006/12/the-snort-top-10.html

Top 10 things need to be done with Snort. (assembled from people that haven't done them).

Also this post:

http://blog.joelesler.net/2009/01/snort-is-up-and-running-now-what.html

Joel


On Feb 10, 2010, at 9:17 AM, Bob Marley wrote:

>  
> Thanx Alex for the insight, 
> BM
>  
>
> --- On Wed, 2/10/10, Alex Kirk <akirk () sourcefire com> wrote:
>
> From: Alex Kirk <akirk () sourcefire com>
> Subject: Re: [Snort-users] Help on fresh snort...
> To: "Sandro guly Zaccarini" <guly () luv guly org>
> Cc: "Bob Marley" <cyroscholar () yahoo com>, snort-users () lists sourceforge net
> Date: Wednesday, February 10, 2010, 8:38 PM
>
> Bob,
>
> While Sandro is correct - reading the manual will get you the farthest - here are a few things that are important to 
> focus on (assuming that you already have Snort compiled/installed, and are just trying to get it doing its job):
>
> * Review your configuration and make sure things are tuned for your local environment. Setting the $HOME_NET variable 
> to include IPs for your local network, setting your $RULE_PATH variable to a directory that contains Snort rules, 
> choosing the output method that works best for your environment, etc. are all very important things to do.
>
> * Make sure you've actually got a set of rules for Snort to use that's reasonably up-to-date. You can get free rules 
> by registering at Snort.org.
>
> * Choose an appropriate place to deploy Snort on your network that will ensure maximum visibility. You probably want 
> it inside a firewall, since the Internet is a noisy place, but other than that, pass as much traffic to your Snort 
> box as it can handle.
>
> If you have more specific questions moving forward, feel free to send questions to the list.
>
> On Wed, Feb 10, 2010 at 4:10 AM, Sandro guly Zaccarini <guly () luv guly org> wrote:
> On Wed, Feb 10, 2010 at 12:53:50AM -0800, Bob Marley wrote:
> > All,
> >
> >
> > Need help on deploying snort on dapper for the first time. I read the manual
> > and it's really frustrating. can someone key in on the most important things
> > to do... please
>
> the most important thing is to read the manual.
>
> sz
> --
>  /"\   taste your favourite IT consultant
>  \ /   gpg public key http://www.guly.org/guly.asc
>   X
>  / \
>
>
> ------------------------------------------------------------------------------
> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> http://p.sf.net/sfu/solaris-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -- 
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk () sourcefire com
>
> ------------------------------------------------------------------------------
> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> http://p.sf.net/sfu/solaris-dev2dev_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Joel Esler
302-223-5974





------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users