[Snort-users] Help on fresh snort...

Joel Esler jesler at ...1935...
Wed Feb 10 09:36:24 EST 2010


Self plug:

http://blog.joelesler.net/2006/12/the-snort-top-10.html

Top 10 things that need to be done with Snort (assembled from people that haven't done them).

Also this post:

http://blog.joelesler.net/2009/01/snort-is-up-and-running-now-what.html

Joel


On Feb 10, 2010, at 9:17 AM, Bob Marley wrote:

>  
> Thanx Alex for the insight, 
> BM
>  
> 
> --- On Wed, 2/10/10, Alex Kirk <akirk at ...1935...> wrote:
> 
> From: Alex Kirk <akirk at ...1935...>
> Subject: Re: [Snort-users] Help on fresh snort...
> To: "Sandro guly Zaccarini" <guly at ...14592...>
> Cc: "Bob Marley" <cyroscholar at ...131...>, snort-users at ...973...et
> Date: Wednesday, February 10, 2010, 8:38 PM
> 
> Bob,
> 
> While Sandro is correct - reading the manual will get you the farthest - here are a few things that are important to focus on (assuming that you already have Snort compiled/installed, and are just trying to get it doing its job):
> 
> * Review your configuration and make sure things are tuned for your local environment. Setting the $HOME_NET variable to include IPs for your local network, setting your $RULE_PATH variable to a directory that contains Snort rules, choosing the output method that works best for your environment, etc. are all very important things to do.
> 
> * Make sure you've actually got a set of rules for Snort to use that's reasonably up-to-date. You can get free rules by registering at Snort.org.
> 
> * Choose an appropriate place to deploy Snort on your network that will ensure maximum visibility. You probably want it inside a firewall, since the Internet is a noisy place, but other than that, pass as much traffic to your Snort box as it can handle.
> 
> If you have more specific questions moving forward, feel free to send questions to the list.
> 
> On Wed, Feb 10, 2010 at 4:10 AM, Sandro guly Zaccarini <guly at ...14592...> wrote:
> On Wed, Feb 10, 2010 at 12:53:50AM -0800, Bob Marley wrote:
> > All,
> >
> >
> > Need help on deploying snort on dapper for the first time. I read the manual
> > and it's really frustrating. can someone key in on the most important things
> > to do... please
> 
> the most important thing is to read the manual.
> 
> sz
> --
>  /"\   taste your favourite IT consultant
>  \ /   gpg public key http://www.guly.org/guly.asc
>   X
>  / \
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> -- 
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk at ...1935...
> 

--
Joel Esler
302-223-5974
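
Added example (not part of the original thread, and not code from Snort or from any of the posters): a small Python check for the three configuration points Alex lists in the quoted reply, namely HOME_NET, RULE_PATH with its rule includes, and an output method. The sample file is constructed, uses Snort 2.x snort.conf syntax, and the function names are hypothetical.

```python
import re

# Constructed sample in Snort 2.x snort.conf syntax (not taken from the thread).
SAMPLE_CONF = """\
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output alert_syslog: LOG_AUTH LOG_ALERT
include $RULE_PATH/local.rules
"""

def parse_conf(text):
    """Collect var/ipvar/portvar definitions, output plugins and include targets."""
    conf = {"vars": {}, "outputs": [], "includes": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"(?:var|ipvar|portvar)\s+(\S+)\s+(.+)$", line)
        if m:
            conf["vars"][m.group(1)] = m.group(2).strip()
        elif line.startswith("output "):
            conf["outputs"].append(line.split(None, 1)[1])
        elif line.startswith("include "):
            conf["includes"].append(line.split(None, 1)[1])
    return conf

def audit(text):
    """Return findings for the three tuning points named in the reply."""
    conf, findings = parse_conf(text), []
    home = conf["vars"].get("HOME_NET")
    if home is None:
        findings.append("HOME_NET is not defined")
    elif home.lower() == "any":
        findings.append("HOME_NET is 'any': set it to your local network(s)")
    if "RULE_PATH" not in conf["vars"]:
        findings.append("RULE_PATH is not defined")
    # Rule files are normally pulled in with include $RULE_PATH/<name>.rules
    if not [i for i in conf["includes"] if i.startswith("$RULE_PATH/")]:
        findings.append("no rule files are included from $RULE_PATH")
    if not conf["outputs"]:
        findings.append("no output plugin is configured in the file")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN:", finding)
```

An empty findings list only means the three settings are present; whether the rule set is current and the sensor sees the right traffic still has to be checked separately.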




