Artica Snort

All about Snort integration in Artica

Artica Snort

New postby drkimlaw » Sun Mar 04, 2012 2:06 pm

I have installed Snort 2.9.05 using Artica. On Artica, it shows Snort is running. However, when I checked snort.conf, it listed
var HOME_NET 188.165.241.0/24 which is not my network. My network is 192.168.2.0/24. When I changed /etc/snort/snort.conf, it always revert to 188.165.241.0/24. Where do I need to change to fix this problem.

If I run /etc/init.d/snort start, it return with error: /etc/snort/snort.conf: 1: var: not found

How can I be sure that Snort is running?

Thanks,
Kim
drkimlaw
 
Posts: 7
Joined: Sun Mar 04, 2012 1:57 pm
Location: Perth, Australia
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Artica Snort

New postby admin » Sun Mar 04, 2012 3:53 pm

SNORT is driven by the network configuration you will see here :


Just ensure your network is set inside this section.
04-03-201216-48-47.png
04-03-201216-48-47.png (132.18 KiB) Viewed 4129 times


After you need to enable snort on your interface

Select your Interface under the network configuration and enable snort inside this interface
04-03-201216-48-47.png
04-03-201216-48-47.png (132.18 KiB) Viewed 4129 times
Attachments
04-03-201216-52-05.png
04-03-201216-52-05.png (64.62 KiB) Viewed 4129 times
User avatar
admin
Site Admin
 
Posts: 11946
Joined: Wed Oct 17, 2007 7:59 am
Location: France


Return to IDS with Snort

Who is online

Users browsing this forum: No registered users and 1 guest

cron