[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Snort config

On Wed, 16 May 2001, Oki DZ wrote:

>Hi,
>
>I have the following:
>okidz@bdg:~$ more /etc/snort/snort.conf
                   ^^^^^^^^^^^^^^^^^^^^^
Expect changes when woody freezes: the file you reference is
snort.debian.conf in testing/unstable...snort.conf is a real snort.conf
(more in line with the upstream...)

># This file is used for options that are changed by Debian to leave
># the original lib files untouched.
># You have to use "dpkg-reconfigure snort" to change them.
>
>DEBIAN_SNORT_STARTUP=boot
>DEBIAN_SNORT_HOME_NET="192.168.1.x/32"
                       ^^^^^^^^^^^^^^^^
Mine shows the routable interface's IP here: is this a munge or your NAT?

>DEBIAN_SNORT_OPTIONS=" -i eth0"
                           ^^^^
is eth0 your ISP-connected NIC?

>DEBIAN_SNORT_STATS_RCPT="root"
                          ^^^^^
Change this just on principle: using root to check system email is just
another thing you can do as a user and not have to be logged in as root so
much...

>DEBIAN_SNORT_STATS_TRESHOLD="1"
>
>How can I set Snort so that it monitors the other IP address (on the NIC
>that connected to my ISP)? Executing dpkg-reconfigure snort basically
>does nothing (apparently).

hmmm...  Probably you have the questions threshold too high is my first
guess

>TIA,
>Oki
>
>
>

-- 
<a mailto:galt@inconnu.isu.edu>Who is John Galt?</a>

Failure is not an option. It comes bundled with your Microsoft product.
	-- Ferenc Mantfeld
Reply to: