Register

Forgot Password

Site FAQ

Home > IT Blogs > Irregular Expressions > Building a snort sensor – part 2

>>VIEW ALL POSTS

Irregular Expressions

Jan 31 2011 3:15PM GMT

Building a snort sensor – part 2

Posted by: Dan O'Connor

configure snort, ids, snort

Now with Snort installed we need to do configuration and get some rules.

cd /usr/local/etc/snort/

Make sure to setup your HOME_NET and configure any additional paths for your rule sets.

Go to snort.org and create an account, then get an oinkcode. Now you can use the command like to download your rules. I would do this from /usr/local/etc/snort.

fetch http://www.snort.org/reg-rules/snortrules-snapshot-<version>.tar.gz/<oink code here>

Next unpack,

tar -xvf snortrules-snapshot-<version>.tar.gz-gooble-gook

Now you need to enable snort in /etc/rc.conf and set the interface in there also.

snort_enable="YES"

snort_interface="int"

Snort will start now, next task is to configure your logging. I will be using syslog on mine to forward to a SIM, but that will also log to the local machine.

Comment

RSS Feed

Email a friend

Comment on this Post

Leave a comment:

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags

Irregular Expressions

Building a snort sensor – part 2

Comment on this Post

About This Blog

Browse This Blog’s Tags

Archives

Blog Roll

Subscribe to Alerts