Great tutorial my brother - I was able to install and configure Snort on Ubuntu 22.x. I applied the 2 rules that worked perfectly. I am researching IDS for university so your tutorial has been very helpful. Keep up the tuts, you're a soldier... Big ups.
😀
You are welcome. I'm glad that you found the tutorial helpful
Excellent, how do I set up Snort as an IPS?
Set Snort 'detection mode' in snort.conf file to 'ips', then write rules to block or reject traffic
Thanks a lot 👍 @techwithkazim9180
At 7:21, why did my VM say that it failed to fetch?
Did you do "sudo apt-get update" first?
@techwithkazim9180 No, I entered the apt-get install first and the output was 'failed to fetch', then I tried to enter the apt-get update and it said 'failed to fetch' and 'some index files failed to download. They have been ignored or old ones used instead'
I realized at 5:35 that my enp0s8 shows only inet6; the normal inet is not there
Great tutorial. Where is the log file stored and how can I check that?
@RamandeepKaur-ly1kk You can check the /var/log/suricata/ directory for the eve.json logs or the fast.log
I am a newbie, the article is very good, requesting permission to copy and paste it as a reference on my blog, thank you very much
Granted. But please do not forget to reference my channel in your blog, thank you
Bro, you are awesome. I set up the first IDS by watching your video. Earlier I tried Suricata but I got more errors. Will you be able to put up a video for Suricata?
I will consider a tut for Suricata. You can subscribe to my channel so you get the notification as soon as I drop the tut for Suricata
Here is my new video on using Suricata as an IDS and IPS
ruclips.net/video/8Q3Nhyvh-1I/видео.html
Enjoy! And please like it and share it. Thanks
Great my teacher
Amazing, but is there a modification for .lua files?
Not at the moment. But I will look into that in the near future
Bro, what if I want to use Snort in a separate VM which sits in the middle between 2 devices (possibly a Kali Linux machine and a Metasploitable)?
Ensure Snort is listening on the network interface that the Metasploitable and Kali VM are both on
Thanks a lot, it worked @techwithkazim9180
How can I use this Snort to test for false positives?
Generate legitimate traffic and monitor the alerts afterwards. This helps you to update or rewrite the rules correctly.
It would be great if the video had Chinese subtitles
Will look into that next time
Please, I got an error message when I run "sudo snort -A console -q -i -c /etc/snort/snort.conf -k ascii".
The error is "unknown command line checksum option: ascii". I will appreciate your response on this. Thank you.
1. Did you replace "" with the network interface Snort is listening on?
2. The last part of the command is "-K ascii" and not a lower case k
3. If the 2 options above don't work, please screenshot the command you entered plus the error you're getting.
@techwithkazim9180 Thank you for your prompt response and videos.
1. I actually inserted the interface.
2. I used the small letter "k".
I will try it again and revert back.
Thank you always.
@techwithkazim9180 I finally replaced lower case k with higher case K, and it worked expressly.
Thank you so much.
@theAlmightyGod09 You're welcome
@techwithkazim9180 subscribed and notification on.