[Snort-users] Role of snort.conf regarding rules? (noob)

Erek Adams erek at ...950...
Wed Apr 30 07:54:03 EDT 2003


On Wed, 30 Apr 2003, stormshadow wrote:

> >From what I've read on the faqs, all the rule sets for IDS mode have to
> be made in the snort.conf file?  Is this how many of you are running
> snort?
> Hence the example in the FAQs:
>
> "./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
> Where snort.conf is the name of your rules file. This will apply the
> rules set in the snort.conf file to each packet to decide if an action
> based upon the rule type in the file should be taken."
>
> So does this mean any rules should be made directly in the snort.conf
> file? (adding/editing rules etc). Or, can the "snort.conf"  be
> substituted with any rule set you have?
>  (EX: snort -d 172.16.0.9/3 log -c rule_file_here)
>
> I guess I'm confused on what role snort.conf plays in rules.
> What exactly should be done to the snort.conf?

Go look at the file.  It's included as <snortdir>/etc/snort.conf.

You can see from the file that you use a part of the snort.conf for
configuration of snort for your network.  Another contains preprocessors
that you want.  Another contains output plugins, and a final contains the
rules that you want to load and run.

Check the second chapter of the manual.  That entire chapter covers each
bit and part of the snort.conf file.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list