[sentinix-list] Snort config
Whitehat
2004-09-02 13:17:15 UTC
Hi
I am new to using Sentinix and find it a great distro to work with.
The only problems I have right now are that I cannot seem to find where Snortcenter gets its snort configs from. I am trying to get snort to log to a single alert file instead of numerous IP-named directories, but it does not appear to be working. I looked at the snort.conf in /etc/snort, but it seems that everything is default there! Where does snortcenter keep its output configs?

Thanks!
Gaurav Mahendru
2004-09-02 13:29:38 UTC
you will find the config file here...

/usr/local/snort/sensor/rules

Regards,
Gaurav.
Post by Whitehat
Hi
I am new to using Sentinix and find it a great distro to work with.
The only problems I have right now are that I cannot seem to find where Snortcenter gets its snort configs from. I am trying to get snort to log to a single alert file instead of numerous IP-named directories, but it does not appear to be working. I looked at the snort.conf in /etc/snort, but it seems that everything is default there! Where does snortcenter keep its output configs?
Thanks!
_______________________________________________
SENTINIX mailing list
http://elevenprospect.com/mailman/listinfo/sentinix
--
-- Women are like elephants. I like to look at 'em, but I wouldn't
want to own one --
--
Whitehat
2004-09-02 21:45:55 UTC
Thanks for the info!
I have another question though...
I changed the cmd file to have the command
-c /usr/local/snort/sensor/rules/snort.eth0.conf -vdel /var/log/snort

Basically I need snort to throw all the alerts in /var/log/snort/alerts or something so I can have Swatch email me on events. But Snort lists each alert under an IP directory :( What should the command be to have it use a single file?

Thanks again

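An added example, not part of this thread and not Sentinix or Snortcenter code: it assumes Snort 2.x is pointed at one alert file with `output alert_fast: alert` in snort.conf (or `-A fast` on the command line, together with `-N` to turn off the per-packet ASCII logging that produces the IP-named directories), so every alert becomes a single line in `<logdir>/alert`. The script parses that one-line format, which is what a Swatch regex would match, and picks out the alerts worth an e-mail by priority. The sample lines are constructed for the example.

```python
"""Parse Snort alert_fast lines (one alert per line) into dicts.

Assumes Snort 2.x with `output alert_fast: alert` (or `-A fast`), so each
alert is one line in <logdir>/alert.  The sample lines below are
constructed for this example, not taken from a real sensor.
"""
import re

# One alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol and src -> dst (ports only for TCP/UDP).
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def _split_endpoint(ep):
    """'10.0.0.5:1434' -> ('10.0.0.5', 1434); '10.0.0.5' -> ('10.0.0.5', None)."""
    host, sep, port = ep.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return ep, None


def parse_fast_alert(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = _split_endpoint(m["src"])
    dst_ip, dst_port = _split_endpoint(m["dst"])
    return {
        "timestamp": m["ts"],
        "gid": int(m["gid"]), "sid": int(m["sid"]), "rev": int(m["rev"]),
        "msg": m["msg"],
        "classification": m["cls"],  # None when the rule has no classtype
        "priority": int(m["prio"]),
        "proto": m["proto"],
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
    }


def alerts_to_notify(lines, max_priority=2):
    """Parsed alerts at or above the given priority (1 is most severe):
    the subset a Swatch-style watcher would e-mail about.  Non-alert
    lines are skipped rather than raising."""
    out = []
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is not None and alert["priority"] <= max_priority:
            out.append(alert)
    return out


# Constructed sample contents of <logdir>/alert (not real sensor output).
SAMPLE_ALERT_FILE = """\
09/02-13:17:15.123456  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
09/02-13:17:16.654321  [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1434 -> 192.168.1.10:1434
09/02-13:17:17.000001  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 1] {TCP} 10.0.0.7:40000 -> 192.168.1.10:22
this line is not a snort alert and must be skipped
"""

if __name__ == "__main__":
    for a in alerts_to_notify(SAMPLE_ALERT_FILE.splitlines()):
        print(f"{a['timestamp']} prio={a['priority']} sid={a['sid']} "
              f"{a['msg']} {a['src_ip']} -> {a['dst_ip']}")
```

Swatch only needs a regex on the `[Priority: N]` field to decide what to mail, but parsing the whole line as above makes it easy to add per-source throttling or a SID allow-list before sending anything.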