[Snort-users] Newbie Question..

John Sage jsage at ...2022...
Tue Jan 15 21:18:03 EST 2002


Edwin:

It seems you're specifying the full path to your snort rules with 
/etc/snort/ddos.rules etc etc...

That should work just fine.

The default syntax in snort.conf assumes that when snort is invoked, it 
will find snort.conf in the directory which also contains the rules, so 
really it's not necessary to specify the path to the rules in 
snort.conf, but there shouldn't be any harm in doing so...

> How will I enable my snort rules to communicate with snort.conf file
> and run in NIDS mode?

hmm.. not sure what you mean by this: I'd say that snort.conf needs to 
know where to find the rules, but the rules don't communicate with 
snort.conf, so much as with snort itself...


The basic NIDS command line is:

snort -dev -l ./log -h 192.168.1.0/24 -c snort.conf

See: SNORT_USAGE which gets posted to this list once a week...



HTH..


- John

-- 
The web page you seek
cannot be found here:
countless others await



Edwin Pua wrote:

> Hi,
> 
> How will I enable my snort rules to communicate with snort.conf file 
> and run in NIDS mode?
> 
> I edited my snort.conf file to call my snort rules under 
> /etc/snort/ddos.rules, /etc/snort/porn.rules, etc.
> The default before in the snort.conf file is without the /etc/snort 
> path. Is this right to enable my snort rules?
> 
> 
> # under /etc/snort/snort.conf
> 
> include /etc/snort/bad-traffic.rules
> include /etc/snort/ddos.rules
> include /etc/snort/porn.rules
> 
> Thanx in advance.
> 
> rgds,
> Edwin
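
Added example (not part of the original thread and not Snort project code): a shell check that every include line in a snort.conf points at a readable rules file, whether the path is absolute as in Edwin's config or relative as in the default. It assumes relative paths are looked up in the directory holding snort.conf, as the reply describes; check_includes and make_sample are hypothetical names and the sample config is constructed.

```sh
#!/bin/sh
# check_includes CONF: print "ok PATH" or "missing PATH" for every
# "include" line in CONF; return 1 if any rules file is unreadable.
check_includes() {
    conf=$1
    # Assumption: relative includes are looked up beside snort.conf.
    confdir=$(cd "$(dirname "$conf")" && pwd) || return 2
    missing=0
    while read -r keyword path _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "include" ] || continue   # skips comments, blanks
        case $path in
            /*) full=$path ;;            # absolute, e.g. /etc/snort/ddos.rules
            *)  full=$confdir/$path ;;   # relative, the default style
        esac
        if [ -r "$full" ]; then
            echo "ok $full"
        else
            echo "missing $full"
            missing=1
        fi
    done < "$conf"
    return "$missing"
}

# Constructed sample: an absolute include, a relative include, and a
# relative include whose file does not exist.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/bad-traffic.rules"
    : > "$d/ddos.rules"
    cat > "$d/snort.conf" <<EOF
# constructed sample snort.conf
include $d/bad-traffic.rules
include ddos.rules
include porn.rules
EOF
    echo "$d"
}

sample=$(make_sample)
check_includes "$sample/snort.conf" || echo "some rules files are missing"
rm -rf "$sample"
```

Running it against the real config before starting snort with -c shows which rules files would not be found.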





