[Snort-users] snort on OSSIM
Parker_Crook at ...14786...
Wed Mar 17 09:20:09 EDT 2010
I honestly don't think you can configure Snort via the OSSIM web interface -- since there are only a number of settings that are passed from the OSSIM configs to the snort.debian.conf file it would stand to reason that OSSIM itself is not reading the snort.conf file to pass it up to the webpage (since OSSIM never touches the file, but instead evokes the settings in the snort.debian.conf as command-line options).
Pretty much the only thing you can configure in the web interface for Snort is the priority and reliability of the rules.
From: Kaushal Shriyan [mailto:kaushalshriyan at ...11827...]
Sent: Wednesday, March 17, 2010 6:04 AM
To: Crook, Parker
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort on OSSIM
On Wed, Mar 17, 2010 at 12:11 AM, Crook, Parker <Parker_Crook at ...14786...> wrote:
> Ray is correct - I was using Snort on OSSIM for a quite a while and the snort files are located in /etc/snort. As far as tuning snort, you would still need to define your variables in the snort.ethX.conf file, where ethX is the configuration file Snort will use for the respective interface.
> As far as configuring goes, there is a snort.debian.conf file that you can use to set some of your options (example contents below):
> #this sets $HOME_NET in command-line call - leave empty if $HOME_NET is set #in you config file, else, define here.
> #listen on eth1, eth2, and eth3 - starts multiple instances of snort, using #their respective config files
> #use Berkley Packet Filter file
> DEBIAN_SNORT_OPTIONS="-F bpf.filt"
> Now, stepping outside of talking about Snort, if you are using OSSIM in all-in-one mode, then your output module for Snort should already be configured and logging to your database out of the box (otherwise you will need to setup the sensor->server communication channel in the OSSIM configs). You can view alerts from Snort on the webpage under Events->Alerts I believe...
> Hope this helps,
Hi Parker Crook
I have installed OSSIM 2.2 on my server. basically i have configured
snort at the backend using
I am using oinkmaster to update snort rules.
Basically is there a way to look at the web interface to view or
configure or view snort configs which has been configured in the
Thanks and Regards,
More information about the Snort-users