User guide
ManageEngine Firewall Analyzer :: User Guide 
Zoho Corp. 
Configuring Snort  
Firewall Analyzer supports most versions of Snort. 
1.  Shut down the Snort server if it is running.
2.  Log in as root if Snort is installed on a Linux machine.
3.  In the snort.conf file (available at /etc/snort/snort.conf on Linux and c:\Snort\bin\snort.conf on Windows), uncomment the line that contains output information_syslog and enter the logging facility and the desired detail level (for example: output alert_syslog:host=hostname:port, LOG_AUTH LOG_ALERT).
4.  Add the line config show_year to ensure that the year is included in the alerts generated by Snort.
5.  Save and exit the snort.conf file.
6.  On Linux only, edit the syslog.conf file in the /etc directory.
7.  Append *.* @<server_name> at the end, where <server_name> is the name of the machine on which Firewall Analyzer is running.
8.  Save the configuration and exit the editor.
9.  Restart the syslog service on the host using the command:
/etc/rc.d/init.d/syslog restart
10. Restart the Snort server with the -M option.
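
A way to confirm the settings from steps 3, 4 and 7 before restarting the services, added here as an example and not part of the ManageEngine guide. The function names, the sample files and the host name fwa.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the settings from steps 3, 4 and 7 of the guide.

# Succeeds only if snort.conf has an uncommented alert_syslog output
# line (step 3) and "config show_year" (step 4).
check_snort_conf() {
    rc=0
    grep -Eq '^[[:space:]]*output[[:space:]]+alert_syslog[[:space:]]*:' "$1" ||
        { echo "missing: uncommented 'output alert_syslog:' in $1" >&2; rc=1; }
    grep -Eq '^[[:space:]]*config[[:space:]]+show_year([[:space:]]|$)' "$1" ||
        { echo "missing: 'config show_year' in $1" >&2; rc=1; }
    return "$rc"
}

# Succeeds only if syslog.conf forwards every facility and priority
# to the given server (step 7: "*.* @<server_name>").
check_syslog_conf() {
    host=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots in the name literally
    grep -Eq "^[[:space:]]*\*\.\*[[:space:]]+@${host}[[:space:]]*\$" "$1" && return 0
    echo "missing: '*.* @$2' in $1" >&2
    return 1
}

# Constructed sample files (not from the guide) for a self-contained run.
write_samples() {
    cat > "$1/snort.good" <<'EOF'
# constructed sample
output alert_syslog: LOG_AUTH LOG_ALERT
config show_year
EOF
    cat > "$1/snort.bad" <<'EOF'
# output alert_syslog: LOG_AUTH LOG_ALERT
config show_year
EOF
    printf '%s\n' 'auth.* /var/log/secure' '*.* @fwa.example.com' > "$1/syslog.good"
    printf '%s\n' '#*.* @fwa.example.com' '*.* @fwaXexampleXcom' > "$1/syslog.bad"
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_snort_conf "$tmp/snort.good" &&
    check_syslog_conf "$tmp/syslog.good" fwa.example.com &&
    echo "sample configuration passes"
rm -rf "$tmp"
```

On a real sensor, call the two functions with /etc/snort/snort.conf and /etc/syslog.conf and the Firewall Analyzer host name in place of the sample files.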










