Snort mailing list archives
Re: Probably a Dumb Question
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tue, 9 Aug 2016 13:45:01 +0000
Not sure what Clear Foundation provides for you, but for best results you should probably install snort from source and customize it to fit your needs.

The best documentation you will find on snort is on the https://snort.org/ website and in the open source download (manual and README files).

Feel free to post questions and we will be glad to help out and give pointers where we can.

Thanks!

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

On 8/9/16, 7:45 AM, "Steve Thompson" <stevet () copper net> wrote:

Thank you for the reply, especially for the manual links. ClearOS 6 implements snort from its marketplace. I will have to do a bit of work to modify the configuration. So I will be reading for a while. However, in my opinion, Clear Foundation doesn't do such a great job of documenting...

Regards,
Steve.T

On 08/08/2016 08:47 PM, Al Lewis (allewi) wrote:

Hello,

Snort is alerting off of the traffic it sees. It's up to the user to set snort up so that the traffic it sees makes sense (this is called IDS tuning).

You may want to take a look at the manual. A good place would be to start here:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html

One of your very first steps should be to set up your HOME_NET and EXTERNAL_NET:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node16.html#SECTION00312000000000000000

Good Luck.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

<SNIPPAGE>
Current thread:
- Probably a Dumb Question Steve Thompson (Aug 08)
- Re: Probably a Dumb Question Al Lewis (allewi) (Aug 08)
- Re: Probably a Dumb Question Steve Thompson (Aug 09)
- Re: Probably a Dumb Question Al Lewis (allewi) (Aug 09)
- Re: Probably a Dumb Question Steve Thompson (Aug 09)
- Re: Probably a Dumb Question Al Lewis (allewi) (Aug 08)