[Snort-users] Help newb understand how Snort is supposed to run.

Chris W. Parker cparker at ...13453...
Wed Aug 24 15:21:20 EDT 2005


Patrick Harper <mailto:patrick at ...4250...>
    on Wednesday, August 24, 2005 2:52 PM said:

> What are you expecting to do with the data and what are you going to
> use to analyze it? Just wanted to make sure you have thought about
> it.

My intent is to get a better idea of what kind of traffic is traversing
my network. I don't know what kind of attacks I'm on the lookout for,
but I was hoping Snort would let me know (using the rule files). Of
course I expect to learn more as I go along.

> If you want to log binary then throw the right switches, use the
> init script to crank it up on boot.

Where is the init script and what is it? I did 'locate init|grep snort'
but didn't get anything back.

> I would suggest trying mysql and
> base to get used to it, Sguil if you want more in depth analysis of
> your packets.  But you need a little more configuration.

At the suggestion of another user (off list) I am trying to get it to
work with MySQL and ACID (so far so good but I'm not quite done yet).

> There are
> guides on snort.org for most OS's and config types, they will help
> you with what files go where

I'm going through the ACID and MySQL setup doc right now.

> , and the mailing list is probably the
> best place to get faster answers.

Good. :)


Thanks,
Chris.



