Configuring Snort
Firewall Analyzer supports most versions of Snort.
- Shut down the Snort server if it is running.
- Log in as root if Snort is installed on a Linux machine.
- In the snort.conf file (located at /etc/snort/snort.conf on Linux and c:\Snort\bin\snort.conf on Windows), uncomment the line that contains output alert_syslog and enter the logging facility and the desired detail level (for example: output alert_syslog:host=hostname:port, LOG_AUTH LOG_ALERT).
- Add the line config show_year so that the year is included in the alerts generated by Snort.
- Save and exit the snort.conf file.
- On Linux only, edit the syslog.conf file in the /etc directory.
- Append *.* @<server_name> at the end, where <server_name> is the name of the machine on which Firewall Analyzer is running.
- Save the configuration and exit the editor.
- Restart the syslog service on the host using the command: /etc/rc.d/init.d/syslog restart
- Restart the Snort server with the -M option.
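
One way to confirm the edits from the steps above are in place before restarting the services, as an added example that is not part of the Firewall Analyzer documentation. The function names, the script name in the usage comment and the host fwa.example.com are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the snort.conf and syslog.conf edits described above.

# True if FILE ($1) has an uncommented line matching the ERE in $2.
has_active_line() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# Checks the two snort.conf edits; prints what is missing, returns 1 if any.
check_snort_conf() {
    rc=0
    if ! has_active_line "$1" 'output[[:space:]]+alert_syslog[[:space:]]*:'; then
        echo "MISSING in $1: uncommented 'output alert_syslog:' line"; rc=1
    fi
    if ! has_active_line "$1" 'config[[:space:]]+show_year'; then
        echo "MISSING in $1: 'config show_year'"; rc=1
    fi
    return $rc
}

# Checks that syslog.conf ($1) forwards everything to the server ($2).
# awk compares fields literally, so dots in the host name are not wildcards.
check_syslog_conf() {
    if ! awk -v t="@$2" '$1 == "*.*" && $2 == t { ok = 1 } END { exit !ok }' "$1"; then
        echo "MISSING in $1: '*.* @$2'"; return 1
    fi
}

# Usage (hypothetical script name): sh check_fwa_snort.sh SNORT_CONF SYSLOG_CONF SERVER_NAME
# With no arguments, run against constructed sample files instead.
if [ "$#" -eq 3 ]; then
    check_snort_conf "$1" && check_syslog_conf "$2" "$3"
else
    d=$(mktemp -d)
    # Constructed sample input; fwa.example.com is a placeholder host.
    printf '%s\n' '# output alert_syslog: LOG_AUTH LOG_ALERT' \
        'output alert_syslog: LOG_AUTH LOG_ALERT' 'config show_year' > "$d/snort.conf"
    printf '%s\n' '*.* @fwa.example.com' > "$d/syslog.conf"
    check_snort_conf "$d/snort.conf" && check_syslog_conf "$d/syslog.conf" fwa.example.com \
        && echo "sample configuration OK"
    rm -rf "$d"
fi
```

A line that is still commented out with # is reported as missing, which is the most common reason no alerts reach the collector after these steps.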