Snort<->Newbie
Hi guys... this is gonna be boring, I'm sorry.
I'm new to this snort thing and I need some advice. I've read some documents about it but my spare time is so insignificant I can't actually catch a single line. I know this is a VERY open question, so here's the point: could anyone post a very basic snort configuration example (or its URL)? Using it, I'll be able to use the documentation to implement a conf myself. Thank you very much!
Please run snort from the commandline with the config and arguments you usually supply, and add the "-T" flag, and dump the results to a file called /tmp/snort-test.log. Example: "/path/to/snort -c /etc/snort.conf -i eth0 -flags -flags -etc -etc -T 2>&1|tee /tmp/snort-test.log". If snort failed the test and you can't make it work, post the contents of /tmp/snort-test.log and post your snort.conf.
If you post your snort.conf, put in fake IPs where necessary, and tell us which services you provide/run. I'm sure we can help you make it work.
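The reply above asks for fake IPs in any snort.conf that gets posted. The following is an added example, not part of the thread: a small Python filter that swaps every real /24 for a stable fake one, so the relationships between hosts and networks stay readable. The function name, the fake range (198.18.0.0/15) and the sample config are assumptions made for the illustration.

```python
import ipaddress
import re

# IPv4 literal with an optional CIDR suffix, not embedded in a longer dotted number.
IPV4_RE = re.compile(
    r"(?<![\d.])(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,3})(/\d{1,2})?(?![\d.])")

def sanitize_conf(text):
    """Return (sanitized_text, mapping) with every real /24 swapped for a fake one.

    Fake prefixes come from 198.18.0.0/15 (reserved for benchmarking, RFC 2544).
    The last octet and any CIDR suffix are kept, so the output is meant for
    posting and review, not for running Snort with it.
    """
    mapping = {}  # real /24 prefix -> fake /24 prefix

    def swap(match):
        prefix, last, cidr = match.group(1), match.group(2), match.group(3) or ""
        try:
            addr = ipaddress.ip_address(f"{prefix}.{last}")
        except ValueError:
            return match.group(0)      # e.g. 999.1.1.1 is not an address
        if addr.is_loopback or addr.is_unspecified:
            return match.group(0)      # nothing site-specific to hide
        if prefix not in mapping:
            n = len(mapping)
            if n >= 512:
                raise ValueError("more than 512 distinct /24s in config")
            mapping[prefix] = f"198.{18 + n // 256}.{n % 256}"
        return f"{mapping[prefix]}.{last}{cidr}"

    return IPV4_RE.sub(swap, text), mapping

# Constructed sample in Snort 2.x snort.conf syntax (not from the thread).
SAMPLE_CONF = """\
var HOME_NET [192.168.1.0/24,10.20.30.0/24]
var EXTERNAL_NET !$HOME_NET
var DNS_SERVERS 192.168.1.53
var SMTP_SERVERS [192.168.1.25,10.20.30.25]
# mail relay moved from 10.20.30.25 on the old subnet
output alert_fast: alert.log
include $RULE_PATH/local.rules
"""

if __name__ == "__main__":
    cleaned, table = sanitize_conf(SAMPLE_CONF)
    print(cleaned)
```

Addresses in comments are rewritten too, since they leak as much as the ones in directives. Keep the returned mapping private so replies can be translated back to the real hosts.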