Configure Snort Firewalls
Firewall Analyzer supports most versions of Snort.
- Shut down the Snort server, if it is running.
- Log in as root if you installed Snort on a Linux machine.
- In the snort.conf file (/etc/snort/snort.conf on Linux, C:\Snort\etc\snort.conf on Windows), uncomment the line that contains output alert_syslog and enter the logging facility and the desired detail level (for example: output alert_syslog:host=hostname:port, LOG_AUTH LOG_ALERT).
- Add the line
config show_year
to ensure that the year is included in the alerts generated by Snort.
- Save and exit the snort.conf file.
- On Linux only, edit the syslog.conf file in the /etc directory.
- Append
*.* @<server_name>
at the end, where <server_name> is the name of the machine on which Firewall Analyzer is running.
- Save the configuration and exit the editor.
- Restart the syslog service on the host using the command:
/etc/rc.d/init.d/syslog restart
- Restart the Snort server with the -M option.
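
An added example, not part of the original guide or of Firewall Analyzer: a shell function that checks that the three edits from the steps above are present and uncommented, since a line left commented out silently stops alerts from reaching the analyzer. The function names, file names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the snort.conf and syslog.conf edits described above.

# has_active_line FILE REGEX: true if an uncommented line in FILE starts with REGEX
has_active_line() {
    grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null
}

# check_snort_syslog SNORT_CONF SYSLOG_CONF
# Prints one line per missing setting; exit status is the number missing (0 = all set).
check_snort_syslog() {
    missing=0
    if ! has_active_line "$1" 'output[[:space:]]+alert_syslog[[:space:]]*:'; then
        echo "MISSING: uncommented 'output alert_syslog' line in $1"
        missing=$((missing + 1))
    fi
    if ! has_active_line "$1" 'config[[:space:]]+show_year'; then
        echo "MISSING: 'config show_year' in $1"
        missing=$((missing + 1))
    fi
    if ! has_active_line "$2" '\*\.\*[[:space:]]+@[^[:space:]#]+'; then
        echo "MISSING: '*.* @<server_name>' forwarding rule in $2"
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ] && echo "OK: all three settings present"
    return "$missing"
}

# Constructed sample files (not real configs): one complete, one with the
# output line still commented out. fwa-host.example is a placeholder name.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'output alert_syslog:host=hostname:port, LOG_AUTH LOG_ALERT' \
        'config show_year' > "$d/good.conf"
    printf '%s\n' '# output alert_syslog: LOG_AUTH LOG_ALERT' \
        'config show_year' > "$d/bad.conf"
    printf '%s\n' '*.* @fwa-host.example' > "$d/syslog.conf"
    check_snort_syslog "$d/good.conf" "$d/syslog.conf"
    check_snort_syslog "$d/bad.conf" "$d/syslog.conf" || echo "bad.conf: $? setting(s) missing"
    rm -rf "$d"
}

demo
```

On a real host, call check_snort_syslog /etc/snort/snort.conf /etc/syslog.conf after the last edit and before restarting the services.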