[Snort-users] Policy-Based monitoring

Kaplan, Andrew H. AHKAPLAN at ...10063...
Wed Oct 13 05:54:59 EDT 2004


Hi there --

I got Snort to operate successfully and alerts are appearing on the ACID
console. My next step is to refine the monitoring, and to that end the approach
that I was planning on taking was using a policy-based.rules file. I will be
modifying the snort.conf file to include the line: include
$RULE_PATH/policy-based.rules.

The questions I have are, does the position of the new line matter? Should I put
the new line at the beginning of the include statements or after them? Also,
besides adding the line is there anything else that I need to do to Snort, or is
simply adding the above line sufficient? Thanks.



