Subject: Re: Scripting snort startup as Daemon & writing to a syslog....
To: Eric Potter <eric@centralnexxus.com>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-security
Date: 12/09/2001 13:51:22

On Tue, 4 Dec 2001, Eric Potter wrote:
> Now that I have snort writing to a logfile and an alert on 1.5.2 I was
> hoping someone could assist me in putting the bells and whistles together,   

Well, what exactly do you want to "put together"? Hard to help if you
aren't more explicit. :)


> I don't think I understand the README steps to write it to my syslog server 

Try the -s option. From the man page:

       -s     Send alert messages to  syslog.   On  linux  boxen,
              they  will appear in /var/log/secure, /var/log/mes-
              sages on many other platforms.


> I am so new to bsd, I am not sure how to get this sucker to run as a
> background process. 

Let me see...
I run this on ip-up:

	cd /root/snort
	snort -de -c snort.conf -l . -i ppp0 &

This produces a few status lines, then sends alerts to the "alerts" file.
It should be possible to do the above from /etc/rc.local.

Of course you will still need to configure your snort.conf!


 - Hubert

-- 
Want to get a clue on IPv6 but don't know where to start? Try this:
* Basics -> http://www.onlamp.com/pub/a/onlamp/2001/05/24/ipv6_tutorial.html
* Setup  -> http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html 
Of course with your #1 IPv6 ready operating system -> http://www.NetBSD.org/
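
The startup described in this message, written as a fragment that could be called from /etc/rc.local or ip-up. This is an added example, not part of the original e-mail. It combines the message's own options with -s (syslog alerts) and Snort's -D daemon switch in place of the trailing "&"; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message.
# Directory, config name and interface are the ones used in the message;
# the SNORT_* variable names and function names are made up for this sketch.
SNORT_DIR=${SNORT_DIR:-/root/snort}
SNORT_CONF=${SNORT_CONF:-snort.conf}
SNORT_IF=${SNORT_IF:-ppp0}
SNORT_BIN=${SNORT_BIN:-snort}

# Refuse to start when the rules file is unreadable or the interface does
# not exist yet. ppp0 only appears once the link is up, which is why the
# message starts snort from ip-up; from rc.local this check may fail.
snort_precheck() {
    [ -r "$SNORT_DIR/$SNORT_CONF" ] || {
        echo "snort: cannot read $SNORT_DIR/$SNORT_CONF" >&2
        return 1
    }
    ifconfig "$SNORT_IF" >/dev/null 2>&1 || {
        echo "snort: interface $SNORT_IF does not exist yet" >&2
        return 2
    }
}

# Run snort, or with a prefix such as "echo" just show the command line.
#   -D  detach and run as a daemon (instead of "&")
#   -s  send alerts to syslog
#   -de, -c, -l, -i  as in the message; paths are absolute here because
#   no "cd /root/snort" has been done when rc.local runs this.
snort_run() {
    "$@" "$SNORT_BIN" -D -s -de \
        -c "$SNORT_DIR/$SNORT_CONF" \
        -l "$SNORT_DIR" \
        -i "$SNORT_IF"
}

snort_start() {
    snort_precheck || return $?
    snort_run
}

# Only act when asked to, so the file can be sourced without side effects.
if [ "${1:-}" = start ]; then
    snort_start
elif [ "${1:-}" = show ]; then
    snort_run echo
fi
```

Calling the script with `show` prints the command line without starting anything, which is a quick way to check the paths before wiring it into the boot scripts.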