Anyone give me any info on Snort??

caveman · Post by **caveman** » Thu Dec 14, 2006 7:14 am

What is it?
What does it do?
How does it work?

And how in gods name do I get it to run in IPCop??

There really doesn`t seem to be any dummies guides to it (hence why i`m struggling) and I`m stuck good and proper!

I found some thing about "editing the url" to include the "oink code" and the filename but I`m really in over my head....

In fact is it even of any use to me??

Thanx again in advance!

Al

Post by **YeOldeStonecat** » Thu Dec 14, 2006 9:32 am

http://www.snort.org/

http://www.snort.org/about_snort/

I forget how it ran on IPCop...guessing it was part of the Copfilter add-on? It's built into Endian....I did the free registration..you get your "oink" code..lol..and enter it..it will download the definitions.

caveman · Post by **caveman** » Thu Dec 14, 2006 6:40 pm

Ah right.... well there`s definitely something to do with Snort in IPCop....Under the services tab there`s Intrusion Detection at the bottom and you can enable or disable on red and green (And I assume any other interfaces you may have configured).

I`ve set it to red and green and at thre bottom of the tab, near the field with my oink code, there are 2 buttons, "Download new ruleset" and "force update" and just next to those it says "Rules already up to date".

Also under the System status tab it says "Running" for intrusion detection (red) and (Green).

I therefore conclude that it is indeed running on my IPCop

It was a lot easier that some of the reading up led me to believe!!

Ah well, thanx again.