26
Chapter 2
Notice in the bottom left of the screen that
less
has highlighted the
path to the file. If you press the forward slash (
/
) key,
less
will let you
search for terms in the file. For instance, when you first set up Snort, you
need to determine how and where you want to send your intrusion alert
output. To find that section of the configuration file,
you could simply
search for
output, like so:
# Snort build options:
# Options: --enable-gre --enable-mpls --enable-targetbased
--enable-ppm --enable-perfprofiling enable-zlib --enable-active
-response --enable-normalizer --enable-reload --enable-react
/output
This will immediately take you to the first occurrence of
output and
highlight it. You can then look for the next occurrence of
output by
typing
n
(for
next).
# Step #6: Configure output plugins
# For more information, see Snort Manual, Configuring Snort - Output Modules
#####################################################################
#unified2
# Recommended for most installs
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types,
vlan_event_types
output unified2: filename snort.log, limit 128, nostamp, mpls_event_types,
vlan_event_types
# Additional configuration for
specific types of installs
# output alert_unified2: filename snort.alert, limit 128, nostamp
# output log_unified2: filename snort.log, limit 128, nostamp
# syslog
# output alert_syslog: LOG_AUTH LOG_ALERT
:
As you can see,
less
took you to the next occurrence of the word
output
and highlighted all the search terms.
In this case, it went directly to the out-
put section of Snort. How convenient!
Summary
Linux has numerous ways of manipulating text, and each way comes with
its own strengths and weaknesses. We’ve touched on a few of the most use-
ful methods in this chapter, but I suggest you try
each one out and develop
your own feel and preferences. For example, I think
grep
is indispensable,
and I use
less
widely, but you might feel different.
