Irregular Expressions » configure snort http://itknowledgeexchange.techtarget.com/Irregular-Expressions Insight into current security related events and exploits, including virtualization security and tips. Sun, 28 Apr 2013 08:00:32 +0000 en-US hourly 1 Building a snort sensor – part 2 http://itknowledgeexchange.techtarget.com/Irregular-Expressions/building-a-snort-sensor-part-2/ http://itknowledgeexchange.techtarget.com/Irregular-Expressions/building-a-snort-sensor-part-2/#comments Mon, 31 Jan 2011 20:15:10 +0000 Dan O'Connor http://itknowledgeexchange.techtarget.com/Irregular-Expressions/?p=495 Now with Snort installed we need to do configuration and get some rules.

cd /usr/local/etc/snort/

Make sure to setup your HOME_NET and configure any additional paths for your rule sets.

Go to snort.org and create an account, then get an oinkcode.  Now you can use the command like to download your rules. I would do this from /usr/local/etc/snort.

fetch http://www.snort.org/reg-rules/snortrules-snapshot-<version>.tar.gz/<oink code here>

Next unpack,

tar -xvf snortrules-snapshot-<version>.tar.gz-gooble-gook

Now you need to enable snort in /etc/rc.conf and set the interface in there also.

snort_enable="YES"
snort_interface="int"

Snort will start now, next task is to configure your logging.  I will be using syslog on mine to forward to a SIM, but that will also log to the local machine.

]]> http://itknowledgeexchange.techtarget.com/Irregular-Expressions/building-a-snort-sensor-part-2/feed/ 0