Firewall Analyzer supports most versions of Snort.
- Shut down the Snort server, if it is running.
- Log in as root if you installed Snort on a Linux machine.
- In the snort.conf file (available at /etc/snort/snort.conf on Linux and c:\Snort\bin\snort.conf on Windows), uncomment the line that contains output alert_syslog and enter the logging facility and the desired detail level (for example: output alert_syslog:host=hostname:port, LOG_AUTH LOG_ALERT)
- Add the line config show_year to ensure that the year is included in the alerts generated by Snort.
- Save and exit the snort.conf file.
- On Linux only, edit the syslog.conf file in the /etc directory.
at the end, where
is the name of the machine on which Firewall Analyzer is running.
- Save the configuration and exit the editor.
- Restart the syslog service on the host using the command:
- Restart the Snort server with the -M option.
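
A quick way to confirm the snort.conf edits from the steps above before restarting Snort, as an added example that is not part of the original documentation. The function name check_snort_conf and the sample files are constructed for illustration.

```shell
#!/bin/sh
# check_snort_conf FILE
# Returns 0 only if FILE has an active (uncommented) "output alert_syslog"
# line carrying a LOG_* facility/level and an active "config show_year" line.
check_snort_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERR  cannot read $conf"; return 2; }

    # Active directive: the line does not start with '#'.
    active=$(grep -E '^[[:space:]]*output[[:space:]]+alert_syslog' "$conf" | tail -n 1)
    if [ -n "$active" ]; then
        echo "OK   $active"
        # The procedure asks for a facility and a detail level (LOG_* tokens).
        echo "$active" | grep -Eq 'LOG_[A-Z0-9]+' ||
            { echo "WARN no LOG_* facility/level on that line"; rc=1; }
    elif grep -Eq '^[[:space:]]*#+[[:space:]]*output[[:space:]]+alert_syslog' "$conf"; then
        echo "FAIL output alert_syslog is still commented out"; rc=1
    else
        echo "FAIL no output alert_syslog line found"; rc=1
    fi

    if grep -Eq '^[[:space:]]*config[[:space:]]+show_year' "$conf"; then
        echo "OK   config show_year"
    else
        echo "FAIL config show_year missing: alerts will carry no year"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not taken from a real deployment).
write_samples() {
    printf '%s\n' '# output alert_syslog: LOG_AUTH LOG_ALERT' > "$1/before.conf"
    printf '%s\n' 'output alert_syslog:host=hostname:port, LOG_AUTH LOG_ALERT' \
        'config show_year' > "$1/after.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in before after; do
    echo "== $f.conf"
    check_snort_conf "$tmp/$f.conf" || echo "-> not ready for Firewall Analyzer"
done
rm -rf "$tmp"
```

On a real host, call check_snort_conf with the snort.conf path for your platform given in the steps above.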