Prepare Snort configuration files

Snort configuration files are externally created compressed archive files that contain the Snort rule sets and Snort settings.

Before you begin

Create or obtain Snort rule sets. For example, if you subscribe to a Snort rule updates, download the latest Snort rule update file.

The Engine uses data from the Snort configuration file to configure Snort inspection.

The snort.conf file must be in the root directory of the Snort configuration. The configuration in the snort.conf file can also reference other configuration files. The recommended practice is to use only relative references. For example, ./<directory name>/<filename>.conf rather than /etc/snort/<directory name>/<filename>.conf

Steps

  1. On a computer where the Snort rule sets are saved, copy the snort.conf file to the root directory of the Snort configuration.
  2. Copy the Snort rule files to the rules directory.
  3. Compress the Snort configuration as a .zip file.
  4. Copy the Snort configuration file to a location that you can access from the computer where you use the Management Client.

Next steps

Import the Snort configuration file globally for all Engines or for individual Engine Engines.