112
Chapter 3     Working with Snort Rules
3.7 The Snort Configuration File
Snort uses a configuration file at startup time. A sample configuration file
snort.conf is included in the Snort distribution. You can use any name for the con 
figuration file, however snort.conf is the conventional name. You use the  c com 
mand line switch to specify the name of the configuration file. The following command
uses /opt/snort/snort.conf as the configuration file.
/opt/snort/snort  c /opt/snort/snort.conf
You can also save the configuration file in your home directory as .snortrc, but
specifying it on the command line is the most widely used method. There are other
advantages to using the configuration file name as a command line argument to Snort.
For example, it is possible to invoke multiple Snort instances on different network inter 
faces with different configuration. This file contains six basic sections:
  Variable definitions, where you define different variables. These variables are
used in Snort rules as well as for other purposes, like specifying the location of
rule files.
  Config parameters. These parameters specify different Snort configuration
options. Some of them can also be used on the command line.
  Preprocessor configuration. Preprocessors are used to perform certain actions
before a packet is operated by the main Snort detection engine.
  Output module configuration. Output modules control how Snort data will be
logged.
  Defining new action types. If the predefined action types are not sufficient for
your environment, you can define custom action types in the Snort
configuration file.
  Rules configuration and include files. Although you can add any rules in the
main snort.conf file, the convention is to use separate files for rules. These
files are then included inside the main configuration file using the include
keyword. This keyword will be discussed later in this chapter.
Although the out of the box configuration file works, you need to modify it to
adapt it to your environment. A sample configuration file is presented later on.
3.7.1
Using Variables in Rules
In the configuration file, you can use variables. This is a very convenient way of cre 
ating rules. For example, you can define a variable HOME_NET in the configuration file.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved