Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-users] Help newb understand how Snort is supposed to run.

from [Patrick Harper] Network Security [Permanent Link]
Subject: RE: [Snort-users] Help newb understand how Snort is supposed to run.
Date: Thu, 25 Aug 2005 02:05:39 -0500 
The init script is in the dir that you un-tar'd the snort source in.  Or a
better one in my opinion is at http://www.ntsug.org/downloads/snort  it was
written by our own wonderful Paul Schmehl of the NTSUG group www.ntsug.org
and of UTD fame.

The doc for CentOS, RHEL, and FC is a pretty good starting point, but I may
be a little biased in that thinking.  I will be updating it for all the
latest versions and adding an oinkmaster, barnyard, and sguil doc to the mix
to it starting this week.

Also, anyone in the Dallas area that wants to learn more about rules free up
Saturday the 10th of September for the NTSUG meeting.  David Thomason of
Sourcefire will be giving a talk the subject, more info to be found at
http://www.ntsug.org/meetings.html, hope to see ya there. 



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

Just because your paranoid, doesn't mean they're not out to get you 




 
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Chris W.
Parker
Sent: Wednesday, August 24, 2005 5:20 PM
To: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Help newb understand how Snort is supposed to
run.

Patrick Harper <mailto:patrick@internetsecurityguru.com>
    on Wednesday, August 24, 2005 2:52 PM said:


What are you expecting to do with the data and what are you going got
use to analyze it? just wanted to make sure you have thought about
it.


My intent is to get a better idea of what kind of traffic is traversing
my network. I don't know what kind of attacks I'm on the look out for
but I was hoping Snort would let me know (using the rule files). Of
course I expect to learn more as I go along.


If you want to log binary then throw the right switch's, use the
init script to crank it up on boot.


Where is the init script and what is it? I did 'locate init|grep snort'
but didn't get anything back.


I would suggest trying mysql and
base to get used to it, Sguil if you want more in depth analysis of
your packets.  But you need a little more configuration.


At the suggestion of another user (off list) I am trying to get it to
work with MySQL and ACID (so far so good but I'm not quite done yet).


There are
guides on snort.org for most OS's and config types, they will help
you with what files go where


I'm going through the ACID and MySQL setup doc right now.


, and the mailing list is probably the
best place to get faster answers.


Good. :)


Thanks,
Chris.


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list




-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Almost there! Complaining about no MySQL support after recompiling with --with-mysql, Chris W. Parker
Next by Date:  [Snort-users] Portscan, Nils Fragoso
Previous by Thread:  RE: [Snort-users] Help newb understand how Snort is supposed to run., Chris W. Parker
Next by Thread:  Re: [Snort-users] Help newb understand how Snort is supposed to run., John C. Silvia
Indexes:  [Date] [Thread] [Top] [All Lists]