[Snort-users] snort on OSSIM

Kaushal Shriyan kaushalshriyan at ...11827...
Wed Mar 17 06:03:53 EDT 2010


On Wed, Mar 17, 2010 at 12:11 AM, Crook, Parker <Parker_Crook at ...14786...> wrote:
> Kaushal,
>
> Ray is correct - I was using Snort on OSSIM for quite a while and the snort files are located in /etc/snort.  As far as tuning snort, you would still need to define your variables in the snort.ethX.conf file, where ethX is the configuration file Snort will use for the respective interface.
>
> As far as configuring goes, there is a snort.debian.conf file that you can use to set some of your options (example contents below):
>
> #this sets $HOME_NET in command-line call - leave empty if $HOME_NET is set
> #in your config file, else, define here.
> DEBIAN_SNORT_HOME_NET="192.168.0.0/16,1.2.3.0/24"
> #listen on eth1, eth2, and eth3 - starts multiple instances of snort, using
> #their respective config files
> DEBIAN_SNORT_INTERFACE="eth1,eth2,eth3"
> #use Berkeley Packet Filter file
> DEBIAN_SNORT_OPTIONS="-F bpf.filt"
> DEBIAN_SNORT_SEND_STATS="true"
> DEBIAN_SNORT_STARTUP="boot"
> DEBIAN_SNORT_STATS_RCPT="root"
> DEBIAN_SNORT_STATS_THRESHOLD="1"
>
> Now, stepping outside of talking about Snort, if you are using OSSIM in all-in-one mode, then your output module for Snort should already be configured and logging to your database out of the box (otherwise you will need to set up the sensor->server communication channel in the OSSIM configs).  You can view alerts from Snort on the webpage under Events->Alerts I believe...
>
> Hope this helps,

Hi Parker Crook

I have installed OSSIM 2.2 on my server. Basically, I have configured
snort at the backend using
http://sites.google.com/site/ossimnewbie/Home/Configure-snort

I am using oinkmaster to update snort rules.

Basically, is there a way to look at the web interface to view or
configure the snort configs which have been configured in the
backend?

Please suggest/guide.

Thanks and Regards,

Kaushal
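
A shell check for the file layout described in the quoted reply above, as an added example that is not part of either poster's message: it reads snort.debian.conf, then reports for each listed interface whether its snort.ethX.conf exists and where HOME_NET is defined. The status words, output format, function names and sample directory are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Directory layout follows the thread
# (snort.debian.conf plus one snort.ethX.conf per interface); the status
# words and output format are this example's own.

# audit_snort_conf DIR -> one line per interface in DEBIAN_SNORT_INTERFACE:
#   <iface> <status> debian=<HOME_NET in debian conf> file=<HOME_NET in ethX conf>
# Returns 1 if any interface is not "ok", 2 if the debian conf is unreadable.
audit_snort_conf() {
    dir=$1
    deb="$dir/snort.debian.conf"
    [ -r "$deb" ] || { echo "cannot read $deb" >&2; return 2; }
    # Parse with sed instead of sourcing, so nothing in the file is executed.
    ifaces=$(sed -n 's/^DEBIAN_SNORT_INTERFACE="\([^"]*\)".*/\1/p' "$deb" | tr ',' ' ')
    deb_net=$(sed -n 's/^DEBIAN_SNORT_HOME_NET="\([^"]*\)".*/\1/p' "$deb")
    audit_rc=0
    for i in $ifaces; do
        conf="$dir/snort.$i.conf"
        file_net=""
        if [ ! -r "$conf" ]; then
            status="missing-conf"
        else
            # Take the last "var HOME_NET" / "ipvar HOME_NET" line in the file.
            file_net=$(awk '($1=="var" || $1=="ipvar") && $2=="HOME_NET" {v=$3} END {print v}' "$conf")
            if [ -n "$deb_net" ] && [ -n "$file_net" ]; then
                status="home-net-set-twice"  # thread: leave the debian value empty here
            elif [ -z "$deb_net" ] && [ -z "$file_net" ]; then
                status="home-net-undefined"
            else
                status="ok"
            fi
        fi
        [ "$status" = "ok" ] || audit_rc=1
        echo "$i $status debian=${deb_net:-unset} file=${file_net:-unset}"
    done
    return $audit_rc
}

# Constructed sample directory so the check runs offline.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'DEBIAN_SNORT_HOME_NET="192.168.0.0/16,1.2.3.0/24"' \
        'DEBIAN_SNORT_INTERFACE="eth1,eth2,eth3"' > "$d/snort.debian.conf"
    echo 'var HOME_NET 10.0.0.0/8' > "$d/snort.eth1.conf"
    echo 'var EXTERNAL_NET any'    > "$d/snort.eth2.conf"  # no HOME_NET; eth3 has no file
    echo "$d"
}

sample=$(make_sample)
audit_snort_conf "$sample" || echo "review the non-ok interfaces above"
rm -rf "$sample"
```

On a real sensor the call would be `audit_snort_conf /etc/snort`, the directory named in the quoted reply.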



