Friday, July 20, 2012

Snort on Debian install guide has been posted

Thanks to Jason Weir, I just posted his Snort Install Guide for Debian 6.0.5.

You may find his updated guide at  We'd like to thank Jason Weir and the rest of the Snort community for their constant support, guides, bug reports, false positive reports, and participation in the mailing lists.

You all are fantastic!

Thanks Jason!

1 comment:

  1. Yes, thanks for the fantastic guide! I used it a couple of years ago and now to set up snort, barnyard, base on another computer and it has been the only guide I could find anywhere that got my IDS up and running without any problem. Perfect for indigent newbies like me.

    Just one thing in my case (Debian Squeeze) I had to change:

    I thought something was seriously misconfigured in the barnyard2.conf file when I was at the testing stage and couldn't get barnyard to write anything to the database, though it was processing the alerts. It turned out I just needed to change the test rule in local.rules from:

    alert icmp any any -> $HOME_NET any (msg: "ICMP test"; sid:10000001;)

    to:

    alert icmp any any -> $HOME_NET any (msg: "ICMP test"; sid:10000001; rev:1;)

    Thanks again for making life easy.
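
A check for the problem described in the comment above, as an added example that is not part of the original post, the comment, or the guide: it scans rule text for active rules that lack `sid` or `rev`. The function names and the regular expression are assumptions made for this sketch, and the sample input is constructed from the two rules quoted in the comment.

```python
import re

# Rule header (action proto src sport direction dst dport), then "( options )".
RULE_RE = re.compile(
    r'^\s*\w+\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*\((.*)\)\s*$')

def split_options(body):
    """Split an option body on ';', ignoring ';' that is quoted or escaped."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped or ch == '\\':
            escaped = not escaped          # a backslash protects the next char
            cur.append(ch)
        elif ch == ';' and not in_quote:
            opts.append(''.join(cur).strip())
            cur = []
        else:
            if ch == '"':
                in_quote = not in_quote
            cur.append(ch)
    opts.append(''.join(cur).strip())      # text after the last ';', if any
    return [o for o in opts if o]

def missing_keywords(rules_text, required=('sid', 'rev')):
    """Return [(line_no, sid_or_None, [missing keywords])] for active rules."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith('#'):  # commented-out rule
            continue
        m = RULE_RE.match(line)
        if not m:                          # blank line or not a rule
            continue
        keys = {}
        for opt in split_options(m.group(1)):
            name, _, value = opt.partition(':')
            keys[name.strip()] = value.strip()
        missing = [k for k in required if k not in keys]
        if missing:
            findings.append((no, keys.get('sid'), missing))
    return findings

# Constructed sample: the two rules from the comment plus a disabled rule.
SAMPLE = '''alert icmp any any -> $HOME_NET any (msg: "ICMP test"; sid:10000001;)
# alert icmp any any -> $HOME_NET any (msg: "disabled";)
alert icmp any any -> $HOME_NET any (msg: "ICMP test"; sid:10000001; rev:1;)
'''

if __name__ == '__main__':
    for no, sid, missing in missing_keywords(SAMPLE):
        print(f"line {no}: sid={sid} is missing {', '.join(missing)}")
```

Running it over a copy of local.rules before the testing stage lists any rule that would need the same `rev` addition the commenter made.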