[Snort-users] Newbie needs help!!
mkettler at ...4108...
Mon Mar 18 10:32:04 EST 2002
Personally I set up snortsnarf to run as a cron job at daily intervals
right before I rotate my snort logfiles. My setup isn't exactly "clean" in
that I've got snortsnarf.pl installed into my snort log directory, but it
is sufficient for my needs. This causes the snortsnarf output to be in a
snfout.alert subdirectory under my snortlogs.
To add some level of security to this "not very clean" setup I've got snort
running in a chroot home directory, and I'm using thttpd as my webserver
and it is chdired/chrooted into the snortsnarf output directory.
You could also install snortsnarf someplace completely different, specify
full paths to your snort alert files, and use snortsnarf's -d option to set
where the output goes (it would be a much cleaner thing to do and much
safer if the idea of chrooting daemons confuses you).
I run the following bash script as a cron job:
nice ./snortsnarf.pl alert alert.1 portscan.log portscan.log.1
and my thttpd startup looks like this:
/usr/local/sbin/thttpd -d /home/snort/var/log/snort/snfout.alert -r
I really should also be using the -rulesfile -rulesdir options to
snortsnarf, my setup works well enough for the moment, but it is on my
At 08:32 PM 3/17/2002 -0800, lsd kuyeh wrote:
>Dear all Snort-User,
>I downloaded SnortSnarf and I am not expert in Snort.
>I am confused because I don't know how to run
>SnortSnarf although my Apache is ready.
>Can anyone tell me the procedure and commands to
>enable my SnortSnarf to run? I already tried for weeks
>but no result too.
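
Added example, not part of the original post and not SnortSnarf's own code: a cron wrapper for the alternative layout described in the reply, with snortsnarf installed elsewhere, full paths to the alert files, and -d for the output directory. The default SNARF path and the script name snarf-cron.sh are assumptions; the wrapper refuses to run when the output directory lies inside the log directory.

```shell
#!/bin/sh
# Cron wrapper for the layout with snortsnarf kept out of the log directory.
# SNARF's default path is an assumption; point it at your own install.
SNARF=${SNARF:-/usr/local/snortsnarf/snortsnarf.pl}

# Resolve a directory to its physical path; fails if it does not exist.
real_dir() { ( cd "$1" 2>/dev/null && pwd -P ); }

# Succeed only if OUTDIR exists and is neither LOGDIR nor beneath it, so the
# directory the web server is chrooted into never holds raw snort logs.
outdir_is_separate() {
    log=$(real_dir "$1") || return 1
    out=$(real_dir "$2") || return 1
    case "$out/" in
        "$log/"*) return 1 ;;
    esac
    return 0
}

# Run snortsnarf at low priority over the four logs named in the post,
# skipping any that are absent (rotated *.1 copies may not exist yet).
run_snarf() {
    logdir=$1
    outdir=$2
    if ! outdir_is_separate "$logdir" "$outdir"; then
        echo "refusing: $outdir is missing or inside $logdir" >&2
        return 2
    fi
    set --
    for f in alert alert.1 portscan.log portscan.log.1; do
        if [ -r "$logdir/$f" ]; then set -- "$@" "$logdir/$f"; fi
    done
    if [ "$#" -eq 0 ]; then
        echo "no readable logs in $logdir" >&2
        return 3
    fi
    nice "$SNARF" -d "$outdir" "$@"
}

# From cron, before log rotation: snarf-cron.sh LOGDIR OUTDIR
if [ "$#" -eq 2 ]; then run_snarf "$1" "$2"; fi
```

The web server's -d argument then points at OUTDIR, which holds only the generated HTML.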