Home
Topics
Security Channel
Network security products, technologies, services
Snort configuration -- snort.conf file

Snort configuration -- snort.conf file

In the first Snort Report we created a "configuration file" called snortconf.test that contained a single ICMP rule. Invoking that configuration file via the -c switch put Snort in intrusion detection mode. In production, Snort packages a snort.conf configuration file in the etc/ directory. This directory will not appear in the /usr/local/snort-2.6.1.2/ directory, but it will be in the /usr/local/src/snort-2.6.1.2/etc/ directory. The snort.conf file is the place where a variety of configuration options can be set, and it is the preferred place to control Snort's operation.

Here I will start with a blank configuration file, called snort-2.6.1.2.20dec06a.conf, and add values as I describe their function. In this article I address only those functions enabled by default in snort.conf. I'll address the functions disabled by default in future articles.

Snort: Understanding the configuration file

Introduction: Upgrade to Snort 2.6.1.2
The snort.conf file
Defining IP ranges of interest
Defining ports of interest
Core preprocessors
Non-dynamic preprocessors
Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.

More News and Tutorials

Articles

Snort IDS upgrade and tips on the Snort.conf file

Snort configuration -- Conclusion

Top five Snort tips

Snort configuration -- Defining ports of interest

Snort configuration -- Non-dynamic preprocessors

This was first published in January 2007

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Cloud Provider
Security
Networking
Storage
Cloud computing
Server Virtualization
Data Backup
Microscope

Cloud Provider
- News briefs: Google cloud services headline I/O, Compute Engine opens
  
  In these briefs, Google I/O delivers news about Google's cloud services, including a new database service and general availability of Compute Engine.
- How can you maximize the ROI for IPv6 training?
  
  Have a well-thought-out plan for IPv6 training before you start, says IPv6 expert Ciprian Popoviciu, and follow these tips after schooling begins.
- Is it more useful to jump into IPv6 testing or master IPv6 theory?
  
  Mastering the theory behind IPv6 and the act of IPv6 testing are both important, but one is more helpful long term, says cloud expert Chip Popoviciu.
Security
- Using EMET to harden Windows XP and other legacy applications
  
  Expert Michael Cobb details how using EMET, a free tool from Microsoft, can harden Windows XP and other legacy applications.
- Beyond privacy policies: Practical privacy for websites and mobile apps
  
  Posting a privacy policy is not enough. Here's practical advice for privacy on websites and mobile apps.
- Exploit kits evolved: How to defend against the latest attack toolkits
  
  Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
Networking
- Troubleshooting network problems with good governance and design
  
  Packet loss, oversubscription, unpatched and inconsistent switch software still plague enterprise networks. Find out how engineers are fighting back.
- Networking blogs: Overlay Transport Virtualization, SDDC practicality
  
  In this week's networking roundup, bloggers advise how to use Overlay Transport Virtualization and discuss what's needed for a mature SDDC.
- Q&A: Why WLAN test tools should evolve quickly -- but likely won't
  
  Network consultant Peter Welcher talked to SearchNetworking about the evolution of WLAN test tools as more businesses look to wireless networks.
searchStorage
- Is there any popular software that allows me to share PCIe SSD cards?
  
  Learn the different methods to share PCIe SSD cards among multiple servers to improve performance and still keep costs down.
- Can object storage systems be used with file-based apps?
  
  Learn how to use applications such as Microsoft Exchange or SQL Server with object storage systems on the back end.
- How can host-based and array-based data replication techniques be compared?
  
  Learn the benefits and drawbacks to host-based and array-based replication methods to determine which one better suits your environment.
Cloud computing
- Google Compute Engine prices on par with AWS -- for now
  
  Conventional wisdom has Google and AWS locked in the Price War of the Titans with the launch of GCE, but a deeper look reveals a different truth.
- Limiting the effects of cloud computing outages
  
  After making the case for cloud based on high availability, IT pros are upset by cloud outages. With planning, there are ways to craft a strategy.
- Amazon Redshift an appealing alternative to on-premises data warehouse
  
  Amazon Redshift has intriguing pricing and features, but beware of its differences from a traditional, on-premises data warehouse.
Server Virtualization
- How can I enable automated VM resource provisioning?
  
  As with many other facets of virtualization, VM resource allocation is becoming automated. Find out what tools you can use for automated provisioning.
- Columbia Sportswear's move from virtualization to private cloud computing
  
  Columbia Sportswear parlayed server virtualization into a private cloud. Along the way, it found that its management tools needed serious rethinking.
- Power management a must for oVirt high availability
  
  Dodge dreaded downtime by enabling power management in your oVirt 3.1 environment.
searchDataBackup
- Enterprise backup software avoids storage sales slump
  
  While storage vendors reported slow sales at start of 2013, Symantec and CommVault had success with enterprise backup software.
- Disk can help with backup tape rotation strategy
  
  Backup expert George Crump explains how to use disk to get the most out of your backup tape rotation strategy.
- How cloud archiving services compare
  
  Backup expert George Crump discusses the issues involved in picking a cloud archiving service for your organization.
MicroscopeUK
- Security is too complex
  
  Nick Booth is all ears as Sophos explains to its partners that simplicity is key in the security market
- Ofcom stresses importance of decent broadband
  
  An Ofcom report into the availability of communications has stressed the point that UK firms will miss out if broadband speeds do not improve
- Apple Stores get the thumbs up from shoppers
  
  Apple has come top of the charts with high street shoppers according to the latest Which? survey of who is doing well in the retail market

All Rights Reserved,Copyright 2006 - 2013, TechTarget