
**This is an old revision of the document!** ----


====== Connecting Snort to Trisul Network Analytics ======

A step-by-step guide for Ubuntu 16.04 that explains how to:

  - Install Snort
  - Replace with Emerging Threats rules
  - Configure Oinkmaster for automatic updates
  - Start Snort and view analytics in TrisulNSM

===== Install snort =====

Snort has a package for Ubuntu. This installs all components required.

<code bash>
apt-get update
apt-get install snort
</code>

Also install oinkmaster, which also has an Ubuntu package.

<code bash>
apt-get install oinkmaster
</code>

===== Replace with Emerging Threats rules =====

We like the ET and ET Pro rulesets for a number of reasons. If you wish to remain with the Snort community rules or move to the excellent Talos ruleset, you can skip this step.

==== Download ET Community rules ====

<code>
cd /etc/snort
mv rules rules_old
wget https://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
tar xf emerging.rules.tar.gz -C /etc/snort
</code>

==== Point to the new ET rules ====

Open snort.conf, copy the lines from rules/emerging.conf into it, and comment out the old snort.conf rules.

Next, specify a HOME_NET; otherwise many ET rules won't load.

Example:

<code>
ipvar HOME_NET 192.168.0.0/16,10.0.0.0/8
</code>
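The snort.conf edit described above can be scripted. The following is an added example, not part of the original guide: the function names ''switch_to_et'' and ''demo'' are hypothetical, the sample snort.conf and emerging.conf contents are constructed, and it assumes the rule includes use the ''include $RULE_PATH/...'' form and that snort.conf already has an ''ipvar HOME_NET'' line.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide. Sample files are constructed.
set -eu

# switch_to_et SNORT_CONF EMERGING_CONF HOME_NET
# Keeps a backup in SNORT_CONF.bak, then:
#   1. comments out every active "include $RULE_PATH/..." line,
#   2. rewrites the existing "ipvar HOME_NET" line with the given value,
#   3. appends the active include lines found in EMERGING_CONF.
switch_to_et() {
    conf=$1; et=$2; home_net=$3
    cp -p "$conf" "$conf.bak"
    tmp=$(mktemp)
    awk -v net="$home_net" '
        /^[ \t]*include[ \t]+\$RULE_PATH\// { print "# " $0; next }
        /^[ \t]*ipvar[ \t]+HOME_NET[ \t]/   { print "ipvar HOME_NET " net; seen = 1; next }
        { print }
        END { exit (seen ? 0 : 1) }
    ' "$conf" > "$tmp" || { echo "no ipvar HOME_NET line in $conf" >&2; rm -f "$tmp"; return 1; }
    grep -E '^[[:space:]]*include[[:space:]]+\$RULE_PATH/' "$et" >> "$tmp" \
        || { echo "no include lines in $et" >&2; rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Builds constructed sample files in a temp dir, converts them, prints the path.
demo() {
    dir=$(mktemp -d)
    mkdir "$dir/rules"
    cat > "$dir/snort.conf" <<'EOF'
ipvar HOME_NET any
ipvar EXTERNAL_NET any
var RULE_PATH /etc/snort/rules
include $RULE_PATH/local.rules
include $RULE_PATH/community-web-misc.rules
EOF
    cat > "$dir/rules/emerging.conf" <<'EOF'
include $RULE_PATH/emerging-malware.rules
#include $RULE_PATH/emerging-games.rules
include $RULE_PATH/emerging-scan.rules
EOF
    switch_to_et "$dir/snort.conf" "$dir/rules/emerging.conf" '192.168.0.0/16,10.0.0.0/8'
    echo "$dir/snort.conf"
}

cat "$(demo)"
```

After running it against the real files, validate the result with ''snort -T -c /etc/snort/snort.conf'' before restarting Snort; the original is kept as snort.conf.bak.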

ids/snort.1525338028.txt.gz · Last modified: 2018/05/03 09:00 by veera