[Snort-users] Setting up simple LAN-sniffing for bad signatures?

PattiMichelle miche1 at ...741...
Fri Jan 2 16:18:48 EST 2015


Dear Snort Users:  I'm trying to figure out how to set up Snort on my 
openSUSE 13.1 x64 system to sniff (and log) instances of "bad" network 
traffic (via the Snort signature database).  It seems tricky to get this 
going.  There are websites which gave me enough information to get the 
sniffer operational, but I can't seem to figure out how to get it to read a 
database of bad signatures, and log only those bad ones.  Does anyone 
have a simple DIY for this?  I'm not trying to set up an alarm or 
automatic response system.  Just to have a logfile available to look at 
from time to time, or maybe diff occasionally.

Also, is it necessary to run Snort in a virtual machine as a "sandbox," 
or else to have two NICs, one for normal LAN traffic and the other for 
Snort?

Thank You Very Much,
Patricia

