[Snort-users] Intro to Snort
neil at ...1633...
Tue May 1 10:15:27 EDT 2001
"Barry Treahy, Jr." <treahy at ...1944...> wrote asking:
>Greetings, I'm just joining in and I'm interested in the types of
>success folks have had using Snort as an IDS. Anyone have a good How-To
>or FAW on this particular issue?
The best "how-to" is to go to www.snort.org and read the page on
"Writing Snort Rules." The link to it is in the left pane. There
is also a link page leading to other sites with snort-related material
or which have to do with other security issues.
I'm relatively new to this forum myself, but in my limited experience
"success" hereabouts means that you got it in, operating, and logging
the sorts of things that interest you. Essentially all of the list
traffic has to do with achieving that happy state. Once arrived at,
folks tend to fall silent except when they can help someone else get
Snort is an extremely good bit of IDS software, but I can't remember
ever seeing a "Whoopeee, I caught the wretch" posting. That seems to
be a somewhat personal event -- largely, I expect, because publishing
an account of a "successful" use of your IDS system would tell the
whole world about your security arrangements in some detail.
Neil Dickey, Ph.D.
Northern Illinois University
More information about the Snort-users