./snort
• Packet Logger Mode — log TCP/IP packet headers to disk
Use the previous snort commands along with the
./snort
You must have an existing directory by that name to prevent Snort from exiting with an error. You should also specify the local host address, using the
Other switches in packet logger mode include the following:
There are several ways in which you may configure the Snort output. See the Snort Users Manual for details.
Use the Internet Express Administration utility to perform the following actions with Snort:
• Configure the Snort Decoder (see Section : Configuring Snort Decoder)
• Configure the Snort Preprocessor (see Section : Configuring Snort Preprocessor)
• Run Snort (see Section : Running Snort)
• View alert messages (see Section : Viewing Alert Messages)
Configuring Snort Decoder
Follow these steps to configure the Snort decoder:
1. From the Manage Components menu, choose Snort.
2. From the Configure Snort menu, choose Configure Snort Decoder. The Configure Menu is displayed.
3. Click in a checkbox to select the desired decoder option:
Option | Description |
Disable Decode Alert | Turns off the alerts generated by the decode phase of Snort. |
Disable Alerts on Invalid IP options | Disables IP option validation alerts. |
Disable Alerts on obsolete TCP options | Turns off alerts generated by obsolete TCP options. |
4. Click on Submit.
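An added example, not part of the original manual: a Python check that reports which decoder alert classes a Snort configuration file has switched off, for reviewing a sensor for lost visibility after tuning. It assumes the three checkboxes above correspond to the Snort 2.x snort.conf directives `config disable_decode_alerts`, `config disable_ipopt_alerts` and `config disable_tcpopt_obsolete_alerts`; the function name and the sample configuration are constructed for illustration.

```python
import re

# Snort 2.x snort.conf directives assumed to correspond to the three
# checkboxes in the table above (the mapping is an assumption).
DECODER_DIRECTIVES = {
    "disable_decode_alerts": "Disable Decode Alert",
    "disable_ipopt_alerts": "Disable Alerts on Invalid IP options",
    "disable_tcpopt_obsolete_alerts": "Disable Alerts on obsolete TCP options",
}

# A directive line has the form: config <name>[: value]
_CONFIG_RE = re.compile(r"^\s*config\s+([A-Za-z0-9_]+)")


def suppressed_decoder_alerts(conf_text):
    """Return {option label: [line numbers]} for active suppressions."""
    found = {}
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        # Everything after '#' is a comment, so a commented-out
        # directive is not reported as active.
        active = line.split("#", 1)[0]
        match = _CONFIG_RE.match(active)
        if match and match.group(1) in DECODER_DIRECTIVES:
            label = DECODER_DIRECTIVES[match.group(1)]
            found.setdefault(label, []).append(lineno)
    return found


# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """\
# decoder settings
config disable_decode_alerts
# config disable_tcpopt_experimental_alerts
#config disable_ipopt_alerts
   config   disable_tcpopt_obsolete_alerts   # added during tuning
config checksum_mode: all
"""

if __name__ == "__main__":
    for label, lines in suppressed_decoder_alerts(SAMPLE_CONF).items():
        print(f"{label}: suppressed on line(s) {lines}")
```
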
Configuring Snort Preprocessor
Follow these steps to configure the Snort preprocessor:
1. From the Manage Components menu, choose Snort.
2. From the Configure Snort menu, choose Configure Snort Preprocessor. The Configure Menu is displayed.