Snort configuration -- snort.conf file

This portion of Snort Report helps channel professionals understand the snort.conf file.

In the first Snort Report we created a "configuration file" called snortconf.test that contained a single ICMP rule. Invoking that configuration file via the -c switch put Snort in intrusion detection mode. In production, Snort packages a snort.conf configuration file in the etc/ directory. This directory will not appear in the /usr/local/snort-2.6.1.2/ directory, but it will be in the /usr/local/src/snort-2.6.1.2/etc/ directory. The snort.conf file is the place where a variety of configuration options can be set, and it is the preferred place to control Snort's operation.

Here I will start with a blank configuration file, called snort-2.6.1.2.20dec06a.conf, and add values as I describe their function. In this article I address only those functions enabled by default in snort.conf. I'll address the functions disabled by default in future articles.


Snort: Understanding the configuration file

  Introduction: Upgrade to Snort 2.6.1.2
 The snort.conf file
  Defining IP ranges of interest
  Defining ports of interest
  Core preprocessors
  Non-dynamic preprocessors
  Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.

This was last published in January 2007

Dig Deeper on Network security products, technologies, services

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close