MSI Supero CSE-M35S Podręcznik Użytkownika Pobierz pdf (Strona 239)

ManageEngine Firewall Analyzer :: User Guide

238

Zoho Corp.

Configuring Snort

Firewall Analyzer supports most versions of Snort.

Configuring Snort

1. Shutdown the Snort server, if it is running.

2. Login as root if you installed Snort in Linux machine.

3. In snort.conf file (available at /etc/snort/snort.conf in linux and

c:\Snort\bin\snort.conf in windows) uncomment the line that contains output

information_syslog and enter the logging facility and the desired detail level

(for example: output alert_syslog:host=hostname:port, LOG_AUTH

LOG_ALERT)

4. Add the line config show_year to ensure that year has been included in the

alerts generated by Snort.

5. Save and exit the snort.conf file.

6. In Linux(only) edit the syslog.conf file in the /etc directory.

7. Append *.* @<server_name> at the end, where <server_name> is the name of

the machine on which Firewall Analyzer is running.

8. Save the configuration and exit the editor.

9. Restart the syslog service on the host using the command:

/etc/rc.d/init.d/syslog restart

10. Restart the Snort server with -M option.

1 2 ... 234 235 236 237 238 239 240 241 242 243 244 ... 308 309

Brak uwag

MSI Supero CSE-M35S Podręcznik Użytkownika Strona 239