[Snort-users] AW: (Snort-users) Newbie Question..

sandro.poppi at ...3316... sandro.poppi at ...3316...
Tue Jan 15 23:07:03 EST 2002


Morning Edwin,

> Hi John,
>
> Thanx for the clarification.
>
> Btw, I would like to view the logs properly in my snort box using some
> statistical tools like ACID and SnortSnarf. Is it possible to run these
> tools in the same snort box just for testing? I am afraid that it would
> conflict with some snort config files.

This works very well on the same machine without interfering with snort. If
you're monitoring more than one segment or your machine is somehow undersized,
it may be better to use a separate PC with those tools and the underlying
database and make snort log to the remote db.

> Any suggestion?

You might also want to have a look at my HOWTO at www.linuxdoc.org or
www.lug-burghausen.org/projects/index.html#snort-stat.

Ciao,
Sandro
>
> >From: John Sage <jsage at ...2022...>
> >To: Edwin Pua <edwin1118 at ...125...>
> >CC: bmc at ...950..., snort-users at lists.sourceforge.net
> >Subject: Re: [Snort-users] Newbie Question..
> >Date: Tue, 15 Jan 2002 21:17:47 -0800
> >
> >Edwin:
> >
> >It seems you're specifying the full path to your snort rules with
> >/etc/snort/ddos.rules etc etc...
> >
> >That should work just fine.
> >
> >The default syntax in snort.conf assumes that when snort is invoked, it
> >will find snort.conf in the directory which also contains the rules, so
> >really it's not necessary to specify the path to the rules in
> >snort.conf, but there shouldn't be any harm in doing so...
> >
> > >  How will I enable my snort rules to communicate with snort.conf file
> > > and run in NIDS mode?
> >
> >hmm.. not sure what you mean by this: I'd say that snort.conf needs to
> >know where to find the rules, but the rules don't communicate with
> >snort.conf, so much as with snort itself...
> >
> >
> >The basic NIDS command line is:
> >
> >snort -dev -l ./log -h 192.168.1.0/24 -c snort.conf
> >
> >See: SNORT_USAGE which gets posted to this list once a week...
> >
> >
> >
> >HTH..
> >
> >
> >- John
> >
> >--
> >The web page you seek
> >cannot be found here:
> >countless others await
>
>
>
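
Added example, not part of the original thread and not Snort's own code: a Python check for the rule-path question John answers above. It lists every `include` in a snort.conf and reports whether the file exists, assuming relative paths are taken relative to the directory holding snort.conf; it goes beyond the thread's case by also expanding `var` references such as `$RULE_PATH`. The function names and the sample config tree are constructed for illustration.

```python
import os
import re
import tempfile

VAR_RE = re.compile(r"^var\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^include\s+(\S+)")

def resolve_includes(conf_path):
    """Return [(include_as_written, resolved_path, exists)] for a snort.conf."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables, results = {}, []
    with open(conf_path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()      # drop comments
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = m.group(2)   # remember "var NAME value"
                continue
            m = INCLUDE_RE.match(line)
            if not m:
                continue                             # not an include line
            written = m.group(1)
            # Expand $NAME using vars defined earlier in the file.
            expanded = re.sub(r"\$(\w+)",
                              lambda v: variables.get(v.group(1), v.group(0)),
                              written)
            # Assumption: relative paths are relative to snort.conf's directory.
            path = expanded if os.path.isabs(expanded) else os.path.join(conf_dir, expanded)
            results.append((written, path, os.path.isfile(path)))
    return results

def demo():
    """Build a constructed config tree in a temp dir and check its includes."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "ddos.rules"), "w").close()
        conf = os.path.join(d, "snort.conf")
        with open(conf, "w") as fh:
            fh.write("var RULE_PATH %s\n" % d)
            fh.write("include ddos.rules             # relative path\n")
            fh.write("include $RULE_PATH/ddos.rules  # via variable\n")
            fh.write("include %s\n" % os.path.join(d, "missing.rules"))
        return [(written, ok) for written, _, ok in resolve_includes(conf)]

if __name__ == "__main__":
    for written, ok in demo():
        print("%-45s %s" % (written, "found" if ok else "MISSING"))
```

Point `resolve_includes()` at the same file passed to `snort -c` to see which rule files would not be found before starting the sensor.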




