Re: [Snort-users] Restarting a Snort box
Timothy,
You need to start by tuning your variables in your snort.conf, turning off rules that don't apply to you (ex. Do you run pop3? No? Then turn off pop3.rules). That will give you a great starting point.

Joel

On Aug 9, 2006, at 11:22 AM, Timothy A. Holmes wrote:

> Hi folks:
>
> I admit I'm a bit embarrassed to admit it, but I have neglected my snort box for several months, and it has been running along quite nicely but I haven't looked at it or BASE in probably 5 months - yes, I know - irresponsible etc - the root cause is OVERLOAD of work - but that's another story. What I need is some help getting it back to usability and then finding out how to make it usable in such a way that I can glean the info I need from it quickly and be able to use it when it's actually useful.
>
> The box is located on the perimeter of our network just inside the firewall. The database is running internal to the system, and I am running BASE. I will be upgrading snort and base to the latest versions shortly and those type things. I'm on Gentoo Linux. I need help from there
>
> Thanks
>
> Timothy A. Holmes
> IT Manager / Network Admin / Web Master / Computer Teacher
>
> Medina Christian Academy
> A Higher Standard...
>
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14

+---------------------------------------------------------------------+
Joel Esler
Senior Security Consultant 1-706-627-2101
Sourcefire Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
GPG Key: http://demo.sourcefire.com/jesler.pgp.key
AIM:eslerjoel YMSG:eslerjoel Gtalk:eslerj
+---------------------------------------------------------------------+

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...=snort-users
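The tuning step suggested in the reply above, as an added example (not part of the original e-mail and not Snort project code): a Python helper that comments out `include` lines for rule files covering services the site does not run, and lists variables still left at `any`. The sample configuration, the `tune` function and the choice of unused rule files are assumptions made for illustration.

```python
import re

# Constructed sample in Snort 2.x snort.conf syntax; not the poster's real file.
SAMPLE_CONF = """\
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH /etc/snort/rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/imap.rules
# include $RULE_PATH/telnet.rules
"""

# Active (uncommented) include of a .rules file; group 1 is the file name.
INCLUDE_RE = re.compile(r"^\s*include\s+(?:\S*/)?([\w.-]+\.rules)\s*$")
# Variable still left at the catch-all value "any".
VAR_ANY_RE = re.compile(r"^\s*var\s+(\w+)\s+any\s*$")


def tune(conf_text, unused_rule_files, ignore_vars=("EXTERNAL_NET",)):
    """Comment out includes for rule files the site has no use for.

    Returns (new_conf_text, disabled_files, vars_to_review). vars_to_review
    lists variables still set to "any"; EXTERNAL_NET is skipped by default
    because "any" is the stock setting for it (assumption of this example).
    """
    out, disabled, review = [], [], []
    for line in conf_text.splitlines():
        inc = INCLUDE_RE.match(line)
        var = VAR_ANY_RE.match(line)
        if inc and inc.group(1) in unused_rule_files:
            out.append("# " + line)  # keep the line so it is easy to re-enable
            disabled.append(inc.group(1))
            continue
        if var and var.group(1) not in ignore_vars:
            review.append(var.group(1))
        out.append(line)
    return "\n".join(out) + "\n", disabled, review


if __name__ == "__main__":
    new_conf, disabled, review = tune(SAMPLE_CONF, {"pop3.rules", "imap.rules"})
    print(new_conf)
    print("disabled:", disabled)
    print("still 'any', set to your own networks:", review)
```

Run it against a copy of snort.conf and diff the result before replacing the live file; fewer irrelevant rule files means fewer alerts to wade through in BASE.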