My second Snort Report has been posted. In this edition I talk about upgrading from an older version to 220.127.116.11, and then I begin discussing the snort.conf file.
I recommend reading the first Snort Report so you can follow along with my methodology. In the third article (to be posted next month) I describe the sorts of activity you can detect without using Snort rules or dynamic preprocessors. The idea behind this series of articles is to develop an intuitive understanding of Snort's capabilities, starting with the basics and becoming more complicated.