This is a discussion on RE: [Snort-users] Snort questions within the Snort forums, part of the System Security and Security Related category.
Most of your questions will be answered by the install guides on the snort.org website. I wrote one for Redhat 9, and have updates for Fedora Core 1 (it will work with Core 2 if you use the RPMs at the site I mention on my docs page). The RPMs are very stable; I have had no problems with them. Openaanval does some decent reporting (the install is included as part of my Core 1 install doc) and you will find other front ends on the snort.org site. I use oinkmaster to update; I have it check every day, or you can just run it as you desire. It is a Perl script, so make sure you have Perl installed (most Linux systems do). I update snort as soon as I test it on a test box and make sure it does not break my installs. Hope that helps.

Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com
www.ntsug.org - Snort Users Group
"If there is no light at the end of the tunnel, get down there and light the damn thing yourself!"

hi

I have the following questions... hope that would help many people out there

Where can I get the names and versions of all the software (e.g. libpcap) required by snort?
It is mentioned that snort has a 'very small footprint'; what is the size of the footprint?
Whether snort RPMs are stable, and what are the pros and cons of using RPM over compiling from source?
How to prepare reports from snort logs?
What is the best method of rules updation?
How frequently do I need to upgrade snort?
Any suggestions for backup strategy?

regards,

shashank