SearchSecurityChannel.com (SSC) has posted my first Snort Report. This is a new monthly series I'm writing for SSC that is starting at ground zero with Snort and working towards greater levels of complexity.
I thought it would be helpful to begin by explaining how to install Snort in a manner that allows easy testing of new versions while running older versions. I also discuss the modes Snort supports. Next month I'll describe the snort.conf file and show how to get Snort to perform useful work in IDS mode without using a single rule.
Is there some aspect of Snort you'd like to know more about? I may not have all the answers tumbling around in my head, but I can do research and ask some of the best Snort minds around if necessary.