Snort 1.7 was put into contribs, if I recall. I made the RPM for it. As for
the config, I would look in /etc/snort/snort.conf. Also, there are docs
in /usr/share/doc/snort-1.7, if I recall. As for the network card
you want it to listen on, go to

/etc/rc.d/init.d/snortd and edit that file. There are a few lines like this:

# Specify your network interface here
INTERFACE=eth0

Edit it to make it work on the interface you want...

-John


> OK, I've got Snort installed and I think it is running. It is generating
> logs.
> I have a few questions.
>
> 1. How can I test it? I've tried running a port scanner against it and
> IDSwakeup but neither one of them generates any log entries.
>
> 2. How do I configure it? I did go in and change the Ethernet port that it
> was watching. ETH1 is my external port and it installed as monitoring
> eth0. I don't see any snort.conf file anywhere as is referenced in the
> documentation.
> Where do I configure the notification method etc?
>
> 3. I tried updating the rules set to the latest vision rules but I think
> it bombs out when I use them. I noticed that Snort doesn't show up in the
> "ps x" command but after installing the new rules the logs sit there with
> nothing being added to them. Then when I do a "snortd restart" it says
> "failed" when shutting snort down. I go back to the old vision rules and
> it works fine.
> Anyone have any ideas? Should I download the latest version of snort and
> install it over the old one? Will the latest version be in the next
> firewall beta?



