Re: Snort config
On Wed, 16 May 2001, Oki DZ wrote:
>Hi,
>
>I have the following:
>okidz@bdg:~$ more /etc/snort/snort.conf
^^^^^^^^^^^^^^^^^^^^^
Expect changes when woody freezes: the file you reference is
snort.debian.conf in testing/unstable...snort.conf is a real snort.conf
(more in line with the upstream...)
># This file is used for options that are changed by Debian to leave
># the original lib files untouched.
># You have to use "dpkg-reconfigure snort" to change them.
>
>DEBIAN_SNORT_STARTUP=boot
>DEBIAN_SNORT_HOME_NET="192.168.1.x/32"
^^^^^^^^^^^^^^^^
Mine shows the routable interface's IP here: is this a munge or your NAT?
>DEBIAN_SNORT_OPTIONS=" -i eth0"
^^^^
is eth0 your ISP-connected NIC?
>DEBIAN_SNORT_STATS_RCPT="root"
^^^^^
Change this just on principle: using root to check system email is just
another thing you can do as a user and not have to be logged in as root so
much...
>DEBIAN_SNORT_STATS_TRESHOLD="1"
>
>How can I set Snort so that it monitors the other IP address (on the NIC
>that connected to my ISP)? Executing dpkg-reconfigure snort basically
>does nothing (apparently).
hmmm... Probably you have the questions threshold too high is my first
guess
>TIA,
>Oki
>
>
>
--
<a mailto:galt@inconnu.isu.edu>Who is John Galt?</a>
Failure is not an option. It comes bundled with your Microsoft product.
-- Ferenc Mantfeld
Reply to: