Hi,
I have snort installed from the AUR along with oinkmaster and have updated my /etc/snort/rules with "$ sudo oinkmaster.pl -o /etc/snort/rules/".
However, after a couple of hours of frustration and bastardising snort's config file I finally managed to run "$ sudo snort -c /etc/snort/snort.conf -i wlp5s0" without it complaining of an error. I then ran a full TCP scan with nmap from another machine. Stopped snort running to look at the output and it hadn't found anything.
I just want to run a simple snort configuration on a single machine to alert me of anything that looks suspicious. Does anyone know how to do this or know of a good guide? Or alternatively something else better suited to the task?
(Snort's documentation is awful and the Arch wiki article is the first bad one I've seen)
Thanks.
I have had the same issue for years & now I just don't bother with snort, hope you get some form of example/guide/how to for this as I would love to get a snort running at home too.
gluck
> I have had the same issue for years & now I just don't bother with snort, hope you get some form of example/guide/how to for this as I would love to get a snort running at home too.
> gluck
I've tried it a couple of times in the past and never succeeded. It's the most frustrating thing I've ever tried to do with a computer.