[Snort-users] snort on OSSIM

Kaushal Shriyan kaushalshriyan at ...11827...
Wed Mar 17 06:03:53 EDT 2010

On Wed, Mar 17, 2010 at 12:11 AM, Crook, Parker <Parker_Crook at ...14786...> wrote:
> Kaushal,
> Ray is correct - I was using Snort on OSSIM for quite a while and the snort files are located in /etc/snort.  As far as tuning snort, you would still need to define your variables in the snort.ethX.conf file, where ethX is the configuration file Snort will use for the respective interface.
> As far as configuring goes, there is a snort.debian.conf file that you can use to set some of your options (example contents below):
> #this sets $HOME_NET in command-line call - leave empty if $HOME_NET is set
> #in your config file, else, define here.
> #listen on eth1, eth2, and eth3 - starts multiple instances of snort, using
> #their respective config files
> DEBIAN_SNORT_INTERFACE="eth1,eth2,eth3"
> #use Berkeley Packet Filter file
> Now, stepping outside of talking about Snort, if you are using OSSIM in all-in-one mode, then your output module for Snort should already be configured and logging to your database out of the box (otherwise you will need to set up the sensor->server communication channel in the OSSIM configs).  You can view alerts from Snort on the webpage under Events->Alerts I believe...
> Hope this helps,

Hi Parker Crook

I have installed OSSIM 2.2 on my server. Basically I have configured
snort at the backend using

I am using oinkmaster to update snort rules.

Basically is there a way to look at the web interface to view or
configure or view snort configs which have been configured in the

Please suggest/guide.

Thanks and Regards,
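
Added example (not part of the original thread, and not OSSIM or Snort project code): a shell check for the layout described in the quoted reply, confirming that every interface listed in DEBIAN_SNORT_INTERFACE has a readable snort.ethX.conf and noting whether that file defines HOME_NET. The function name check_snort_ifaces, the status words and the var/ipvar match pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the per-interface Snort configs described in the thread.
# Assumed layout: <dir>/snort.debian.conf plus one <dir>/snort.<iface>.conf each.
# Usage: check_snort_ifaces /etc/snort

# Prints one status line per interface listed in DEBIAN_SNORT_INTERFACE.
# Returns 1 if snort.debian.conf or any per-interface config is missing.
# A config without HOME_NET is only a warning, because the thread notes that
# HOME_NET may instead be supplied on the command line.
check_snort_ifaces() {
    conf_dir=${1:-/etc/snort}
    debian_conf="$conf_dir/snort.debian.conf"
    [ -r "$debian_conf" ] || { echo "MISSING $debian_conf"; return 1; }

    # Use the last uncommented assignment; strip quotes, split on commas.
    ifaces=$(sed -n 's/^[[:space:]]*DEBIAN_SNORT_INTERFACE=//p' "$debian_conf" \
             | tail -n 1 | tr -d "\"'" | tr ',' ' ')
    [ -n "$ifaces" ] || { echo "EMPTY DEBIAN_SNORT_INTERFACE"; return 1; }

    rc=0
    for iface in $ifaces; do
        f="$conf_dir/snort.$iface.conf"
        if [ ! -r "$f" ]; then
            # This Snort instance would have no config file to load.
            echo "$iface NO_CONFIG $f"
            rc=1
        elif grep -Eq '^[[:space:]]*(var|ipvar)[[:space:]]+HOME_NET[[:space:]]+' "$f"; then
            echo "$iface OK"
        else
            echo "$iface WARN_NO_HOME_NET $f"
        fi
    done
    return $rc
}
```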

