[Snort-users] Snort setting

jo cam jo.cam at ...6346...
Fri Aug 23 17:04:05 EDT 2002

Thanks for your answer.
I installed my first sensor and it seems to work fine. I used
the snort+mysql package which came with my Linux.

My configuration is:
- Linux 2.4 (Mandrake distrib ver 8.2)
- Snort ver 1.8.4
- ACID ver 0.9.6b20
- MySQL Ver 11.15 distrib 3.23.47

I can't specify the sensor name in snort.conf. When I
launch IE on my Win95 WS, I see that the sensor name is the
IP address of the network interface of my Linux WS.

There are some problems with email alerts.
I created one alert group and one alert email in Alert
Group Maintenance. After viewing alerts, when I try to send
an email alert by putting in my email address, ACID returns the
message “Successful EXPORT-full- on xx alert(s) in xx
blobs” but I can't receive mail.

In the php.ini file, I left the default configuration for the UNIX
machine (sendmail -t) and, for the Win machine, I set up
the SMTP server (with the name of our SMTP server) and my
email address.
Have you got more information on using the email alerts?

For the other settings, I just downloaded Andrea Barisani's
document, which describes an approach for setting up and
maintaining multiple Snort sensors. I hope this document
can help me. You will find it at



----- Original Message -----
From: "jo cam"
Sent: Wednesday, July 17, 2002 12:16 PM
Subject: [Snort-users] Snort setting


I want to use snort and MySQL in the following
- the first Snort sensor on a Linux station. The MySQL
database is also running on this sensor
- the second sensor on Win 95
- the third sensor on Win NT.


1. What is the sensor name?
2. On Win95 and WinNT stations, is it necessary to have
the MySQL client installed?
3. On each station, how can I set up the output module part
of snort.conf?

