38
Chapter 2     Installing Snort and Getting Started
4. Create a directory /opt/snort/rules and copy default rule files to the /opt/snort/etc directory. The path of this directory is mentioned in the main snort.conf file and you can create a directory of your own choice if you like.
The steps are explained below in detail.
First, create a directory /var/log/snort where Snort will keep its log files. You can use any other directory for this purpose, but this is the usual place to store Snort log data files. If you want to use any other directory, you have to use the command line option -l when starting Snort.
Secondly, you have to create the Snort configuration file. When Snort starts, it can read its configuration, which is snort.conf, from the current directory or from .snortrc in the home directory of the user who launched Snort. If this file is present in some other directory, you can also use the -c option on the command line to specify the name of the rules file. As a starting point, create the /opt/snort/etc directory and copy the snort.conf file that came with the Snort source code files. Copy the classification.config and reference.config files to the /opt/snort/etc directory. These files are included in the main snort.conf file. Also copy all files from the rules directory of the source code tree to the /opt/snort/rules directory. To perform these actions, you can use the following sequence of commands (see footnote 3):
mkdir /opt/snort/etc
cp /opt/snort-1.9.0/etc/snort.conf /opt/snort/etc
cp /opt/snort-1.9.0/etc/classification.config /opt/snort/etc
cp /opt/snort-1.9.0/etc/reference.config /opt/snort/etc
mkdir /opt/snort/rules
cp /opt/snort-1.9.0/rules/* /opt/snort/rules
Files in the rules directory end with .rules and contain different rules. These files are included inside the snort.conf file. The location of these rule files is controlled by the RULE_PATH variable defined in the snort.conf file. A typical definition of this variable in the snort.conf file is as follows:
var RULE_PATH ../rules
This means that rule files are located in a directory named "rules". The path ../rules is with reference to the location of the snort.conf file. For example, if the snort.conf file is located in the /opt/snort/etc directory, all rule files should be present in the /opt/snort/rules directory. As another example, if the snort.conf file is present in the /var/snort directory, rules files must be
3. Note that you must have root access to run these commands.
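The RULE_PATH resolution described above can be checked before starting Snort. The following script is an added example, not code from the book or the Snort distribution: it resolves RULE_PATH relative to the directory that holds snort.conf and lists included rule files that are missing. It assumes includes are written as "include $RULE_PATH/<file>"; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the book: check that every rule file included via
# $RULE_PATH in snort.conf exists, resolving RULE_PATH relative to snort.conf.
# Assumption: includes are written as "include $RULE_PATH/<file>".

# Print the rules directory that "var RULE_PATH <value>" points to.
resolve_rule_path() {
    conf_dir=$(cd "$(dirname "$1")" && pwd) || return 1
    # The last uncommented definition wins.
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { v = $3 } END { print v }' "$1")
    [ -n "$rule_path" ] || return 1
    case $rule_path in
        /*) printf '%s\n' "$rule_path" ;;            # absolute: used as-is
        *)  printf '%s\n' "$conf_dir/$rule_path" ;;  # relative to snort.conf
    esac
}

# Print each included rule file that is missing; return 1 if any are missing.
missing_rule_files() {
    rules_dir=$(resolve_rule_path "$1") || return 2
    status=0
    for name in $(awk '$1 == "include" && index($2, "$RULE_PATH/") == 1 { print substr($2, 12) }' "$1"); do
        if [ ! -f "$rules_dir/$name" ]; then
            printf '%s\n' "$rules_dir/$name"
            status=1
        fi
    done
    return $status
}

# Constructed sample tree: snort.conf includes two files, only one exists.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/etc" "$tmp/rules"
    printf '%s\n' 'var RULE_PATH ../rules' \
        'include $RULE_PATH/local.rules' \
        'include $RULE_PATH/web-misc.rules' > "$tmp/etc/snort.conf"
    : > "$tmp/rules/local.rules"
    missing_rule_files "$tmp/etc/snort.conf"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo || true
```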





