Help with SNORT



  • Hello,

    I am new to Snort and am not sure how to properly configure it. I am running pfSense 2.0 RC3 i386 with the latest updates. Can someone give me some screenshots and help with a good solid configuration for my WAN? I have read through the documentation on the Snort and pfSense sites, but most if not all of it is for a command-line config and not the pfSense GUI. Please help!

    Thanks.



  • First of all, you need to create an Oinkmaster code on the Snort site and then paste it into the pfSense GUI to be able to download Snort rules.

    The second step is to update the Snort rules in the GUI.

    The third step is to tell Snort about your network, setting up who is your DNS server, web server, etc.

    The fourth step is to 'assign' an interface for Snort to listen on and choose a set of rules you will apply to it.

    Note that you must know a lot about TCP/IP and networking to understand what Snort does and how to set it up correctly.

    Regards,
    Marcello Coutinho



  • Hi, I'm also new to Snort…

    I'm just wondering if there is any easier way to search for a rule.
    I have a lot of them, and when I want to review one upon an alert,
    I have to find the matching one by hand. The same with suppression...

