[Snort-users] Help on fresh snort...

Alex Kirk akirk at ...1935...
Wed Feb 10 08:38:09 EST 2010


While Sandro is correct - reading the manual will get you the farthest -
here are a few things that are important to focus on (assuming that you
already have Snort compiled/installed, and are just trying to get it doing
its job):

* Review your configuration and make sure things are tuned for your local
environment. Setting the $HOME_NET variable to include IPs for your local
network, setting your $RULE_PATH variable to a directory that contains Snort
rules, choosing the output method that works best for your environment, etc.
are all very important things to do.

* Make sure you've actually got a set of rules for Snort to use that's
reasonably up-to-date. You can get free rules by registering at Snort.org.

* Choose an appropriate place to deploy Snort on your network that will
ensure maximum visibility. You probably want it inside a firewall, since the
Internet is a noisy place, but other than that, pass as much traffic to your
Snort box as it can handle.

If you have more specific questions moving forward, feel free to send
questions to the list.

On Wed, Feb 10, 2010 at 4:10 AM, Sandro guly Zaccarini <guly at ...14592...> wrote:

> On Wed, Feb 10, 2010 at 12:53:50AM -0800, Bob Marley wrote:
> > All,
> >
> >
> > Need help on deploying snort on dapper for the first time. I read the manual
> > and it's really frustrating. can someone key in on the most important things
> > to do... please
> the most important thing is to read the manual.
> sz
> --
>  /"\   taste your favourite IT consultant
>  \ /   gpg public key http://www.guly.org/guly.asc
>   X
>  / \

Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
alex.kirk at ...1935...
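
The configuration checks from the first bullet of the message above, as an added example that is not part of the original message or of Snort itself: a small Python script that reads a Snort 2.x-style snort.conf and flags a HOME_NET left at `any`, a missing $RULE_PATH directory, missing rule files, and the absence of an enabled output. The sample config, the name `check_snort_conf`, and resolving relative paths against the config file's directory are assumptions.

```python
import os
import re

# Constructed sample in Snort 2.x snort.conf syntax; not from the thread.
SAMPLE_CONF = """\
var HOME_NET any
var RULE_PATH ./rules
# output unified2: filename snort.log, limit 128
include $RULE_PATH/local.rules
include $RULE_PATH/web-misc.rules
"""

VAR_RE = re.compile(r"^(?:var|ipvar|portvar)\s+(\S+)\s+(.+)$")
REF_RE = re.compile(r"\$(\w+)")

def check_snort_conf(text, conf_dir="."):
    """Return (code, detail) findings for HOME_NET, RULE_PATH, rules, output."""
    variables, includes, outputs = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = m.group(2).strip()
        elif line.startswith("include "):
            includes.append(line.split(None, 1)[1])
        elif line.startswith("output "):
            outputs.append(line.split(None, 1)[1])
    def resolve(path):
        # Expand $VAR; relative paths are taken from conf_dir (assumption).
        path = REF_RE.sub(lambda r: variables.get(r.group(1), r.group(0)), path)
        return os.path.normpath(os.path.join(conf_dir, path))
    findings = []
    if variables.get("HOME_NET", "any") == "any":
        findings.append(("HOME_NET", "still 'any'; list your local networks"))
    if "RULE_PATH" not in variables:
        findings.append(("RULE_PATH", "not defined"))
    elif not os.path.isdir(resolve(variables["RULE_PATH"])):
        findings.append(("RULE_PATH", "directory does not exist"))
    rule_files = [i for i in includes if i.endswith(".rules")]
    if not rule_files:
        findings.append(("RULES", "no rule files included"))
    for inc in rule_files:
        if not os.path.isfile(resolve(inc)):
            findings.append(("RULES", "missing rule file: " + inc))
    if not outputs:
        findings.append(("OUTPUT", "no output directive enabled"))
    return findings
```

Call `check_snort_conf(open(path).read(), os.path.dirname(path))` on a real config; an empty list means all four checks passed.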