Checking Snort

Checking to see if snort is installed.

Here "-T" tests the configuration and "-c" identifies the configuration file (snort.conf). Note that it is possible to use an additional configuration file by pointing to it with "-c".

Once we use a configuration file, Snort becomes much more powerful! The configuration file is Snort's all-in-one management file. Rules, plugins, detection mechanisms, default actions and output settings are defined here. It is possible to have multiple configuration files for different purposes and cases, but only one can be used at runtime.
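One way to run the "-T" check over several candidate configuration files before picking the one to use at runtime, as an added example that is not part of the original page. The function name check_snort_configs and the SNORT_BIN override are assumptions, and the script relies on Snort returning a non-zero exit status when the configuration test fails.

```bash
#!/bin/sh
# Added example: validate candidate Snort configuration files with -T.
# SNORT_BIN (hypothetical override) lets you point at a specific snort binary.
SNORT_BIN="${SNORT_BIN:-snort}"

# check_snort_configs FILE...
# Prints one PASS / FAIL / MISSING line per file.
# Returns 0 only if every file passed the configuration test.
check_snort_configs() {
    _failed=0
    for _conf in "$@"; do
        # An unreadable path would fail anyway; report it separately so a
        # typo in the path is not mistaken for a bad rule or plugin setting.
        if [ ! -r "$_conf" ]; then
            echo "MISSING $_conf"
            _failed=1
            continue
        fi
        # -T: test the configuration and exit, -c: configuration file to load.
        # Snort's own output is discarded here; rerun the command by hand
        # on a FAIL to read the error it reports.
        if "$SNORT_BIN" -T -c "$_conf" >/dev/null 2>&1; then
            echo "PASS $_conf"
        else
            echo "FAIL $_conf"
            _failed=1
        fi
    done
    return "$_failed"
}

# When arguments are given, check them directly, for example:
#   sudo sh check_snort_configs.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then
    check_snort_configs "$@"
fi
```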

-V / --version | This parameter provides information about the instance version
With sudo snort -c /etc/snort/snort.conf -T, I can also see information about the rules.
