[Snort-users] running snort

Zachary Uram yoda at ...7272...
Wed Oct 23 19:22:02 EDT 2002


When I installed snort (as a Debian package), the config asked me how I
wanted to run it. I said to run it when I connect online (I run PPP over
dial up so I'm not always online). So I see when online I see this
process running:

snort    15188  0.0  5.2 51748 6680 ?        S    21:53   0:00
/usr/sbin/snort -D -S HOME_NET=209.166.149.242/32 -h 209.166.149.242/32
-c /etc/snort/snort.conf -l /var/log/snort/ -b -d -u snort -g snort -i
ppp0 -p -o

Now my question is how could I run snort interactively? Do I have to do
"/etc/init.d/snort stop" and then run snort from command line to do
this?

Also is there any way I can have snort alert me when there is a Priority
1 alert logged? Ideally it would mail root the relevent alert as well as
do something in X to get my attention a la xbiff - flashing icon and
sound ideally.

Zach






More information about the Snort-users mailing list