LinuxQuestions.org


TheIrish 11-04-2003 12:06 PM

!Snort<->Newbie
 
Hi guys... this is gonna be boring, I'm sorry.
I'm new to this snort thing and I need some advice.
I've read some documents about it but my spare time is so insignificant I can't actually catch a single line.
I know this is a VERY open question, so here's the point: could anyone post a very basic snort configuration example (or its URL)?
Using it, I'll be able to use the documentation to implement a conf myself.
Thank you very much!

unSpawn 11-05-2003 10:46 AM

Please run snort from the command line with the config and arguments you usually supply, and add the "-T" flag, and dump the results to a file called /tmp/snort-test.log. Example: "/path/to/snort -c /etc/snort.conf -i eth0 -flags -flags -etc -etc -T 2>&1|tee /tmp/snort-test.log". If snort failed the test and you can't make it work, post the contents of /tmp/snort-test.log and post your snort.conf.

If you post your snort.conf, put in fake IPs where necessary, and tell us which services you provide/run. I'm sure we can help you make it work.
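
One way to do the "fake IPs" step before posting a snort.conf or /tmp/snort-test.log publicly, as an added example that is not part of the original posts: each real IPv4 address is mapped to a stable placeholder in 192.0.2.0/24 (the RFC 5737 documentation range). The function names and the sample config are constructed for illustration, and the script assumes fewer than 255 distinct addresses.

```shell
#!/bin/sh
# Added example (not from the thread): scrub IPv4 addresses from a snort.conf
# or a "snort -T" log before posting it. The same real address always maps to
# the same placeholder, and CIDR suffixes such as /24 are left untouched, so
# the relationships between variables stay readable for whoever is helping.
sanitize_snort_conf() {
    awk '
    {
        line = $0; out = ""
        # Walk the line left to right, replacing each dotted quad in turn.
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            if (!(ip in fake)) {
                n++                      # assumption: n stays below 255
                fake[ip] = "192.0.2." n
            }
            out = out substr(line, 1, RSTART - 1) fake[ip]
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }' "$@"
}

# Constructed sample input; these addresses and variables are made up.
sample_conf() {
    cat <<'EOF'
var HOME_NET 10.1.2.0/24
var DNS_SERVERS [10.1.2.53/32,10.1.2.54/32]
var EXTERNAL_NET !$HOME_NET
# mail relay lives on 10.1.2.53
EOF
}

# Demo: print the scrubbed version of the sample.
sample_conf | sanitize_snort_conf
```

Called with file names (for example `sanitize_snort_conf /etc/snort.conf /tmp/snort-test.log`), it numbers addresses across all files in one pass, so the config and the test log stay consistent with each other.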


All times are GMT -5.