Snort configuration -- Conclusion
This segment wraps up the Snort configuration tip.
In the next Snort Report we will see what sorts of activity Snort might detect given this limited configuration. In the Snort Report that follows we will explore Snort's new dynamic preprocessors (FTP, TELNET, SMTP, SSH, DCE-RPC and DNS) by adding them to the configuration file.
![]()
Snort: Understanding the configuration file
![]()
Introduction: Upgrade to Snort 2.6.1.2
The snort.conf file
Defining IP ranges of interest
Defining ports of interest
Core preprocessors
Non-dynamic preprocessors
Conclusion
About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.