How to use SNORT?

shoombool_tala · 04-14-2004, 02:06 PM

Hi,
I installed Snort, but i have no clue how it works. As a normal user i ran "snort -D" and also i configured /etc/snort/snort.conf . So now what? It just sits in the background and logs all the traffic? and also where does it keep track of all the info and logs and attacks? /var/log/snort/ ??? and also does it pop up saying there is a attack or something.. or do i have to check the files myself on regular bases?

thanks a lot

ugge · 04-14-2004, 02:08 PM

Have you taken a look in the documentation. There it speek about the three dufferent modes that snort can be run in. In addition there are documentation on how to configure and monitor the result.
www.snort.org

71Monte · 04-21-2004, 09:12 AM

Check out this book on Snort. It is great and comes with source and lots of tips.

http://www.amazon.com/exec/obidos/tg...books&n=507846

Ian

NoSS · 05-13-2004, 10:34 PM

Can I have the pdf file of that book ??

unSpawn · 05-14-2004, 01:49 AM

Can I have the pdf file of that book ??
You're asking for a free copy of something commercial. That's close enough to asking for warez. Please don't do that on LQ. There's enough Snort/IDS docs on the 'net you could start with.

NoSS · 05-16-2004, 11:22 PM

Sorry.
Well, If there is free ebook about snort with easy tutorial. Can I have the URL ???