[Snort-users] snort on OSSIM
kaushalshriyan at ...11827...
Wed Mar 17 06:03:53 EDT 2010
On Wed, Mar 17, 2010 at 12:11 AM, Crook, Parker <Parker_Crook at ...14786...> wrote:
> Ray is correct - I was using Snort on OSSIM for quite a while and the snort files are located in /etc/snort. As far as tuning snort, you would still need to define your variables in the snort.ethX.conf file, where ethX is the configuration file Snort will use for the respective interface.
> As far as configuring goes, there is a snort.debian.conf file that you can use to set some of your options (example contents below):
> #this sets $HOME_NET in command-line call - leave empty if $HOME_NET is set
> #in your config file, else, define here.
> #listen on eth1, eth2, and eth3 - starts multiple instances of snort, using
> #their respective config files
> #use Berkeley Packet Filter file
> DEBIAN_SNORT_OPTIONS="-F bpf.filt"
> Now, stepping outside of talking about Snort, if you are using OSSIM in all-in-one mode, then your output module for Snort should already be configured and logging to your database out of the box (otherwise you will need to set up the sensor->server communication channel in the OSSIM configs). You can view alerts from Snort on the webpage under Events->Alerts I believe...
> Hope this helps,
Hi Parker Crook
I have installed OSSIM 2.2 on my server. Basically I have configured
snort at the backend using
I am using oinkmaster to update snort rules.
Basically is there a way to look at the web interface to view or
configure or view snort configs which have been configured in the
Thanks and Regards,