[Snort-sigs] Re: newbie post

Mark Cooper mark at ...1453...
Sat Apr 12 01:40:04 EDT 2003


Bryan,

You do not need to concatenate the individual rule files. Rule files are
typically "activated" by including them in the master configuration file,
typically named snort.conf. You then specify this master config file with
the "-c" option

Have a look at the excellent online documentation available at ww.snort.org,
specifically the part that details the "include rule_file" option.

HTH,

Mark
----- Original Message -----
> Message: 4
> From: Bryan Irvine <bryan.irvine at ...1441...>
> To: snort-sigs at lists.sourceforge.net
> Organization:
> Date: 11 Apr 2003 13:16:04 -0700
> Subject: [Snort-sigs] newbie post
>
> I've got snort installed (from ports on OpenBSD).
>
> It came with a ton of example files.
>
> Do I just cat them into one file for use with snort?
>
> ie if I want to monitor porno, chat and exploits
>
> cat porno.rules > snort.rules
> cat chat.rules >> snort.rules
> cat exploit.rules >> snort.rules
>
> snort -c snort.rules
>
> My second question what does snort stand for?
>
> --Bryan






More information about the Snort-sigs mailing list