Snort Implementation
Just waiting on the last part for my *nix system and was planning what packages etc. will be installed.
My question is: How user-friendly is Snort? Will it take me days to work out and implement, or will it be fairly straightforward to use generally without too many user-defined rules?
I'm just looking through the documentation now and it doesn't look too bad; just looking for input from people who have used it / are using it.
Cheers as always guys
PS: What distro did you run it from, and were there any compatibility issues etc.?
Foolproof systems don't take into account the ingenuity of fools
Comments
Paul Boz: I run Snort via the Auditor live CD, whose logo happens to be the same as for this book:
http://www.amazon.com/Penetration-Testers-Open-Source-Toolkit/dp/B000FBHNGI
I recommend it.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC | GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/
rossonieri#1: Hi Sie,
There are 2 distros of Snort:
1. the one from here: http://www.snort.org
2. the one from here: http://snort-inline.sourceforge.net
The one that came from snort.org can be run as IDS/sniff and IPS/inline,
and the one that came from snort_inline only runs in IPS/inline mode and incorporates a slightly different signature and config from the snort.org release.
By default Snort runs in GUI, unless you want to manage it with IDS Policy Manager from here: http://www.activeworx.org/programs/idspm
There are many graphical stat utilities like BASE, ACID etc.
PS:
If you want to try inline, here's the link to great docs:
Part I: http://linuxgazette.net/117/savage.html
Part II: http://linuxgazette.net/118/savage.html
Cheers.
The more I know, the more I don't know.
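The IDS/sniff versus IPS/inline split described in the reply above comes down to which rule actions a deployment can honour: alert/log/pass work on a passive sensor, while drop/reject/sdrop only take effect when Snort sits inline in the traffic path. Since the original question was about how hard user-defined rules are to get right, here is an added example (not code from the thread or from the Snort project): a small Python checker for a hand-written local.rules file that parses each Snort 2 rule header, requires a sid, rejects duplicate sids, and flags inline-only actions when the sensor is running passively. The rule lines are constructed for the example; $HOME_NET and $EXTERNAL_NET are the usual snort.conf variables.

```python
"""Minimal checker for hand-written Snort 2 rules (added example, not from the thread).

A Snort rule header is:
    action proto src_ip src_port direction dst_ip dst_port (option; option; ...)
alert/log/pass work on a passive IDS (sniffing a SPAN port or tap); drop/reject/sdrop
are the inline actions and only take effect when Snort is in the traffic path
(snort_inline, or snort.org's inline mode).
"""
import re

IDS_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}   # passive deployments
INLINE_ACTIONS = {"drop", "reject", "sdrop"}                     # need IPS/inline mode

# One rule per line; backslash line-continuation is not handled here.
RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def parse_rule(line):
    """Split one rule into header fields plus an options dict; ValueError if malformed."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a valid Snort rule header: %r" % line.strip())
    rule = m.groupdict()
    options = {}
    # Options are 'key:value;' pairs; a bare keyword (e.g. 'nocase;') maps to True.
    # A literal ';' inside a content:"..." string would need a real tokenizer.
    for opt in (o.strip() for o in rule.pop("opts").split(";")):
        if not opt:
            continue
        key, _, value = opt.partition(":")
        options[key.strip()] = value.strip().strip('"') if value else True
    rule["options"] = options
    return rule


def required_mode(rule):
    """'inline' if the action only works as an IPS, 'ids' if a passive sensor honours it."""
    action = rule["action"]
    if action in INLINE_ACTIONS:
        return "inline"
    if action in IDS_ACTIONS:
        return "ids"
    raise ValueError("unknown rule action: %r" % action)


def check_ruleset(lines, inline=False):
    """Validate a ruleset for a passive (inline=False) or inline deployment.

    Returns (accepted_rules, problems); problems are (line_number, message) pairs.
    """
    accepted, problems, seen_sids = [], [], set()
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rule = parse_rule(line)
            mode = required_mode(rule)
        except ValueError as err:
            problems.append((n, str(err)))
            continue
        sid = rule["options"].get("sid")
        if sid is None:
            problems.append((n, "missing sid (local rules should use sid >= 1000000)"))
            continue
        if sid in seen_sids:
            problems.append((n, "duplicate sid %s" % sid))
            continue
        seen_sids.add(sid)
        if mode == "inline" and not inline:
            problems.append((n, "action %r only takes effect with Snort inline" % rule["action"]))
            continue
        accepted.append(rule)
    return accepted, problems


# Constructed sample local.rules for this example (not a real ruleset).
SAMPLE_RULES = """\
# local.rules -- constructed for the example
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH connection attempt"; flags:S; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request"; itype:8; sid:1000002; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Telnet blocked inline"; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"Broken rule, no sid"; content:"GET";)
this is not a rule
""".splitlines()

if __name__ == "__main__":
    for inline in (False, True):
        ok, bad = check_ruleset(SAMPLE_RULES, inline=inline)
        print("inline=%s: %d rules accepted" % (inline, len(ok)))
        for n, msg in bad:
            print("  line %d: %s" % (n, msg))
```

Run against the constructed file, the passive check accepts the two alert rules and reports the drop rule, the rule without a sid, and the garbage line; with inline=True the drop rule is accepted as well. The same check is worth running before every `snort -T` config test, because a rejected rule file stops the sensor from starting at all.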