Snort mailing list archives
Re: Snort + Demarc
From: Eliezer Ramm <eramm () omnisky com>
Date: Wed, 5 Dec 2001 19:05:54 +0200
Message: 2
To: Mika Tuunanen <tuumi () sci fi>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort + Demarc
From: Chris Green <cmg () uab edu>
Reply-To: snort-users () lists sourceforge net
Date: Wed, 05 Dec 2001 08:38:54 -0600

Mika Tuunanen <tuumi () sci fi> writes:
Hi all..
Hi,
I installed snort + demarc and put it running.. Problem now is that it takes _all data_ and puts it in database.. (including all machines in our C class)
You probably haven't set your HOME_NET to just your IP
Nope, I have the same problem and I did set the HOME_NET to my IP:

    var HOME_NET 192.168.6.0/24

Currently I have it set to HOME_NET any.
Could anyone throw me commented snort.conf or point to some 'n00b understandable' site? snort's own document page is gibberish to me.
I wouldn't call it gibberish, but if you only want to use Snort as an IDS then I don't think it's as complete as it could be. It should be a separate doc, or quick start guide.
The default snort.conf is pretty well commented. The first chapter of the snort user's manual gives a pretty good walk through on using snort for the first time to understand it a bit more.
Again, it is well commented, but it is only really meaningful if you read the whole user manual. While I have Snort running, I am not sure I am taking full advantage of this great software, since all the various options are not clear to me. In the end I printed the README, tried running snort w/ the various options, used whisker and sneeze to generate some traffic, looked at the output, went back to the docs, tuned my options and .conf file and ran snort again till I got the results I wanted.

I am interested in improving the docs but need help on where to concentrate efforts.

thanx.
eramm

--
Chris Green <cmg () uab edu>
To err is human, to moo bovine.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
