For a basic rulesets you can get them from www.snort.org
snort -D should put snort into a daemon mode and give you the terminal back then you can close it or put that line into some startup script or whatever. Otherwise you could use "snort &" if you wanted to keep the terminal around but just use it for other stuff. Hogwash is an interesting yet "young" tool that is aimed at doing different things. Just stick to snort is pretty easy to learn the basics and is very flexible. dan. > I'm a pretty new user to Linux, and I want to set up some sort of protection > for my box. I have snort installed and I'm looking for rulesets - the > problem I have is this: > > When I run snort, it runs in a terminal. How exactly do I set snort to just > run in the background, collecting unusual packets? I'm sure there must be a > way. > > Also, is Hogwash a suitable tool to use instead of/as well as snort? I need > something that is relatively simple but also effective.
