40

Chapter 2     Installing Snort and Getting Started

Now you can start Snort using the following command. The command displays

startup messages and then starts listening to interface eth0. Note the command line

option where snort.conf is specified with its full path. I would recommend  always

using the full path for snort.conf on the command line to avoid any confusion.

[root@conformix snort]# /opt/snort/bin/snort  c /opt/snort/

etc/snort.conf 

Initializing Output Plugins!

Log directory = /var/log/snort

Initializing Network Interface eth0

          == Initializing Snort ==  

Decoding Ethernet on interface eth0

Initializing Preprocessors!

Initializing Plug ins!

Parsing Rules file /opt/snort/etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++

Initializing rule chains...

No arguments to frag2 directive, setting defaults to:

    Fragment timeout: 60 seconds

    Fragment memory cap: 4194304 bytes

    Fragment min_ttl:   0

    Fragment ttl_limit: 5

    Fragment Problems: 0

Stream4 config:

    Stateful inspection: ACTIVE

    Session statistics: INACTIVE

    Session timeout: 30 seconds

    Session memory cap: 8388608 bytes

    State alerts: INACTIVE

    Evasion alerts: INACTIVE

    Scan alerts: ACTIVE

    Log Flushed Streams: INACTIVE

    MinTTL: 1

    TTL Limit: 5

    Async Link: 0

No arguments to stream4_reassemble, setting defaults:

     Reassemble client: ACTIVE

     Reassemble server: INACTIVE

     Reassemble ports: 21 23 25 53 80 143 110 111 513

     Reassembly alerts: ACTIVE

     Reassembly method: FAVOR_OLD

http_decode arguments:

    Unicode decoding

    IIS alternate Unicode decoding