[Snort-users] snort & acid how-to

Steve Halligan agent33 at ...187...
Wed Nov 21 09:58:02 EST 2001


Check out:
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html
It is chock full o' answers to all of your DB/ACID-related questions.

INSIDE or OUTSIDE depends on what you are hoping to detect.  INSIDE you can
see what your internal users are doing and see outside traffic that made it
inside.  OUTSIDE you can see inside traffic that made it out and outside
traffic BEFORE it gets filtered by your firewall/nat
box/ipchain/ipfilters/etc.

-Steve



I installed snort 1.7 on my FBSD machine... seems to be running... however,
in the snort.conf I had it (for the moment) log to syslog...
Question 1 is: how do I, OR is there a good "how-to" on, getting snort
to work with mysql and acid?
Question 2 is: I have it running on the INSIDE interface (the box is
doing NAT). Should I be running it on the inside or outside interface?
Any and all help is GREATLY appreciated. :-)

thanx

Brent



