Posted by: Dan O'Connor
configure snort, ids, snort
Now with Snort installed we need to do configuration and get some rules.
Make sure to setup your HOME_NET and configure any additional paths for your rule sets.
Go to snort.org and create an account, then get an oinkcode. Now you can use the command like to download your rules. I would do this from /usr/local/etc/snort.
fetch http://www.snort.org/reg-rules/snortrules-snapshot-<version>.tar.gz/<oink code here>
tar -xvf snortrules-snapshot-<version>.tar.gz-gooble-gook
Now you need to enable snort in /etc/rc.conf and set the interface in there also.
Snort will start now, next task is to configure your logging. I will be using syslog on mine to forward to a SIM, but that will also log to the local machine.