[Snort-users] Help newb understand how Snort is supposed to run.
Chris W. Parker
cparker at ...13453...
Wed Aug 24 15:21:20 EDT 2005
Patrick Harper <mailto:patrick at ...4250...>
on Wednesday, August 24, 2005 2:52 PM said:

> What are you expecting to do with the data and what are you going to
> use to analyze it? Just wanted to make sure you have thought about

My intent is to get a better idea of what kind of traffic is traversing
my network. I don't know what kind of attacks I'm on the lookout for,
but I was hoping Snort would let me know (using the rule files). Of
course I expect to learn more as I go along.

> If you want to log binary then throw the right switches, use the
> init script to crank it up on boot.

Where is the init script and what is it? I did 'locate init|grep snort'
but didn't get anything back.

> I would suggest trying mysql and
> base to get used to it, Sguil if you want more in depth analysis of
> your packets. But you need a little more configuration.

At the suggestion of another user (off list) I am trying to get it to
work with MySQL and ACID (so far so good but I'm not quite done yet).

> There are
> guides on snort.org for most OS's and config types, they will help
> you with what files go where

I'm going through the ACID and MySQL setup doc right now.

> , and the mailing list is probably the
> best place to get faster answers.