Irregular Expressions

Jan 31 2011   3:15PM GMT

Building a snort sensor – part 2

Dan O'Connor

Now that Snort is installed, we need to configure it and get some rules.

cd /usr/local/etc/snort/

Make sure to set up your HOME_NET and configure any additional paths for your rule sets.

Go to and create an account, then get an oinkcode. Now you can use the command line to download your rules. I would do this from /usr/local/etc/snort.

fetch<version>.tar.gz/<oink code here>

Next unpack,

tar -xvf snortrules-snapshot-<version>.tar.gz-gooble-gook

Now you need to enable Snort in /etc/rc.conf and set the interface there as well.


Snort will start now. The next task is to configure your logging. I will be using syslog on mine to forward to a SIM, but that will also log to the local machine.
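A pre-flight check for the steps above, added here as an example and not part of the original post: it flags a HOME_NET left at `any`, rule files that snort.conf includes but the unpacked snapshot did not provide, and missing rc.conf entries. It assumes Snort 2.x `var`/`ipvar` syntax and the FreeBSD port's `snort_enable` and `snort_interface` knobs; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Snort 2.x snort.conf syntax
# and the FreeBSD port's rc.conf knobs snort_enable / snort_interface.

conf_var() {  # $1 = snort.conf, $2 = variable name; last definition wins
    awk -v n="$2" '$1 ~ /^(var|ipvar)$/ && $2 == n { v = $3 } END { print v }' "$1"
}

rc_var() {    # $1 = rc.conf, $2 = knob name; prints the value without quotes
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

check_sensor() {  # $1 = snort.conf, $2 = rc.conf; prints findings, returns their count
    conf=$1; rcconf=$2; problems=0
    flag() { echo "$1"; problems=$((problems + 1)); }
    home_net=$(conf_var "$conf" HOME_NET)
    case "$home_net" in
        ''|any) flag "HOME_NET is '${home_net:-unset}', set it to the monitored networks" ;;
    esac
    # Assumption: a relative RULE_PATH is resolved against snort.conf's directory.
    rule_path=$(conf_var "$conf" RULE_PATH)
    case "$rule_path" in /*) ;; *) rule_path="$(dirname "$conf")/$rule_path" ;; esac
    # Every active "include $RULE_PATH/x.rules" must exist once the snapshot is unpacked.
    for f in $(sed -n 's/^include[[:space:]]*\$RULE_PATH\/\(.*\.rules\).*/\1/p' "$conf"); do
        [ -f "$rule_path/$f" ] || flag "missing rule file: $rule_path/$f"
    done
    case "$(rc_var "$rcconf" snort_enable)" in
        [Yy][Ee][Ss]) ;;
        *) flag "snort_enable is not YES in $rcconf" ;;
    esac
    [ -n "$(rc_var "$rcconf" snort_interface)" ] || flag "snort_interface is not set in $rcconf"
    return "$problems"
}

make_sample() {  # $1 = scratch dir; writes constructed sample files, not real configs
    mkdir -p "$1/rules" && : > "$1/rules/local.rules"
    printf '%s\n' 'ipvar HOME_NET any' 'var RULE_PATH ./rules' \
        'include $RULE_PATH/local.rules' 'include $RULE_PATH/web-misc.rules' \
        '# include $RULE_PATH/p2p.rules' > "$1/snort.conf"
    printf '%s\n' 'snort_enable="YES"' > "$1/rc.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_sensor "$demo_dir/snort.conf" "$demo_dir/rc.conf" || echo "$? problem(s) found"
rm -rf "$demo_dir"
```

On a real sensor, call `check_sensor /usr/local/etc/snort/snort.conf /etc/rc.conf` before starting the service.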
