[Snort-users] Snort basic questions

Fyodor fygrave at ...121...
Sun Jun 10 08:41:04 EDT 2001


On Sun, Jun 10, 2001 at 12:07:56PM +0100, Effi Baruch wrote:
> Hi,
> I have some basic questions about Snort:
> 1. Can I send syslogs with it to another computer? If yes, how can it be
> done?

In your /etc/syslog.conf:

snortsyslog.level       @hostname

snortsyslog.level is the facility.level which Snort does logging with.

> 2. What is the maximum amount of traffic it can handle?

Depends on your CPU power/RAM.

> 3. Can I listen to traffic and examine it without logging it (using only the
> alert option)? If yes, how can it be done?

-N option.

> 4. I saw there is a list of rules I can use (DoS etc.). If I want to use
> them all, do I need to copy them to a single rules file?
> 

Use snort.conf; it includes them all.

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
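
Added example (not part of the original message): one way the answers to questions 1, 3 and 4 fit together on a sensor. It assumes Snort's alert_syslog output plugin set to the auth facility at alert priority, a constructed log host name loghost.example.com, a config path of /etc/snort/snort.conf and the interface eth0.

```conf
# --- snort.conf (sensor) ---
# Send alerts to the local syslogd. The facility and priority chosen here
# (assumption: LOG_AUTH / LOG_ALERT) are what the selector in syslog.conf
# must match.
output alert_syslog: LOG_AUTH LOG_ALERT

# --- /etc/syslog.conf (sensor) ---
# selector = facility.level from the output line above, action = @loghost.
# Classic syslogd expects TABs, not spaces, between selector and action.
auth.alert	@loghost.example.com

# --- running the sensor ---
# -N turns off packet logging (alerts are still generated); -c loads
# snort.conf and the rule files it includes:
#   snort -N -c /etc/snort/snort.conf -i eth0
```

syslogd on the sensor has to re-read its configuration (SIGHUP) after the edit, and the receiving syslogd must be set to accept remote messages (`-r` for sysklogd). Classic syslog forwarding is unauthenticated, unencrypted UDP, so the path to the log host should be a trusted or filtered network segment.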



