[Snort-sigs] newbie post

Bryan Irvine bryan.irvine at ...1441...
Mon Apr 7 16:51:06 EDT 2003


I've just started getting interested in snort.

I've been looking around at the ruleset, and it looks rather similar to
OpenBSD's PF.  I've read the documentation (I printed it out and have
it right here).  It seems snort has a lot of options, which is a bit
overwhelming for a newbie.  I'm wondering what would be the best way to
build my config file.

I'd like to have snort scan for viruses, known windows exploits, but I
don't want to see a zillion false positives.  I tried running it with
the default config file, and it started generating a lot of logs on
things I didn't really care about.  We have a funky routing thing here
that we can't get rid of so I was always seeing things like "next-hop"
error messages.

Are there any sample files around that I can read from?

--Bryan
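One way to find the signatures behind the "zillion false positives" and turn them into threshold.conf suppress entries, as an added example that is not part of Bryan's post or of the Snort distribution: it parses Snort 2.x alert_fast lines, keeps only low-severity signatures that fire repeatedly, and suppresses per source host when a single host (like the routing box behind the "next-hop" messages) produces all of them. The sample alerts, SIDs 10001/10002 and addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Snort 2.x "alert_fast" format. The SIDs (10001, 10002),
# addresses and timestamps are made up for this example; the messages mimic real rule names.
SAMPLE_ALERTS = """\
04/07-16:40:01.000001  [**] [1:10001:1] ICMP redirect host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.50
04/07-16:40:02.000002  [**] [1:10001:1] ICMP redirect host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.51
04/07-16:40:03.000003  [**] [1:10001:1] ICMP redirect host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.52
04/07-16:41:00.000004  [**] [1:10002:2] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:4412 -> 192.0.2.10:80
04/07-16:41:05.000005  [**] [1:10002:2] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.8:5120 -> 192.0.2.10:80
04/07-16:41:09.000006  [**] [1:10002:2] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.9:6033 -> 192.0.2.10:80
04/07-16:42:00.000007  [**] [1:10001:1] ICMP redirect host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.53
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\] \{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)"
)

def parse_alerts(text):
    """Return one dict per parsable alert_fast line; unparsable lines are skipped."""
    return [m.groupdict() for line in text.splitlines() if (m := ALERT_RE.search(line))]

def noisy_signatures(alerts, min_hits=3, min_priority=3):
    """Group alerts by (gid, sid, msg) and keep only low-severity signatures
    (Snort priority numbers grow as severity falls) that fired at least min_hits times."""
    by_sig = defaultdict(list)
    for a in alerts:
        if int(a["prio"]) >= min_priority:
            by_sig[(a["gid"], a["sid"], a["msg"])].append(a)
    return {sig: hits for sig, hits in by_sig.items() if len(hits) >= min_hits}

def suppress_lines(alerts, min_hits=3, min_priority=3):
    """Emit threshold.conf 'suppress' entries for the noisy signatures. When a single
    source host accounts for every hit, suppress only for that host (track by_src)
    so the rule keeps alerting on everyone else."""
    out = []
    for (gid, sid, msg), hits in sorted(noisy_signatures(alerts, min_hits, min_priority).items()):
        srcs = Counter(a["src"] for a in hits)
        out.append(f"# {msg}: {len(hits)} hits from {len(srcs)} source(s)")
        if len(srcs) == 1:
            out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {next(iter(srcs))}")
        else:
            out.append(f"suppress gen_id {gid}, sig_id {sid}")
    return out

if __name__ == "__main__":
    print("\n".join(suppress_lines(parse_alerts(SAMPLE_ALERTS))))
```

With the defaults the priority-1 cmd.exe alerts are never suppressed even though they repeat; lowering min_priority shows the per-source versus blanket suppress decision on a signature hit from several hosts.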
