Thu Nov 23 16:36:19 EST 2017
be made in the snort.conf file? Is this how many of you are running
Hence the example in the FAQs:
"./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
Where snort.conf is the name of your rules file. This will apply the
rules set in the snort.conf file to each packet to decide if an action
based upon the rule type in the file should be taken."
So does this mean any rules should be made directly in the snort.conf
file? (adding/editing rules etc). Or, can the "snort.conf" be
substituted with any rule set you have?
(EX: snort -d 172.16.0.9/3 log -c rule_file_here)
I guess I'm confused on what role snort.conf plays in rules.
What exactly should be done to the snort.conf?
More information about the Snort-users