Configuring Snort

Firewall Analyzer supports most versions of Snort.

Configuring Snort

1. Shutdown the Snort server, if it is running.
2. Login as root if you installed Snort in Linux machine.
3. In snort.conf file (available at /etc/snort/snort.conf in linux and c:\Snort\bin\snort.conf in windows) uncomment the line that contains output information_syslog and enter the logging facility and the desired detail level (for example: output alert_syslog:host=hostname:port, LOG_AUTH LOG_ALERT)
4. Add the line config show_year to ensure that year has been included in the alerts generated by Snort.
5. Save and exit the snort.conf file.
6. In Linux(only) edit the syslog.conf file in the /etc directory.
7. Append *.* @<server_name> at the end, where <server_name> is the name of the machine on which Firewall Analyzer is running.
8. Save the configuration and exit the editor.
9. Restart the syslog service on the host using the command:
   /etc/rc.d/init.d/syslog restart
10. Restart the Snort server with -M option.