snort_agent-1.conf

# snort_agent.conf: auto-generated by NSMnow Administration on Di 10. Dez 14:15:12 UTC 2019
# DEBUG is VERY chatty. Use it only when needed (1=on, 0=off)
set DEBUG 0
# Run in background (1=yes, 0=no)
set DAEMON 0
# Name of sguild server
# Must be customized
set SERVER_HOST xxx.xxx.xxx.xxx
# Port sguild listens on for sensor connects
set SERVER_PORT 7736
# Port snort_agent listens on for barnyard2 connects
set BY_PORT 8001
# Local hostname (sensors monitoring multiple interfaces need to use a unique 'hostname' for each interface)
# Must be Hostname of OnionPi
set HOSTNAME onionpi
# The net id is used to correlate data from different agents.
set NET_GROUP onionpi
# The root of your log dir for data like pcap, portscans, sessions, etc
set LOG_DIR /var/log/snort
# Check for Portscan (spp_portscan) data files (0=off, 1=on)
set PORTSCAN 0
# Where to look for files created by modded spp_portscan
set PORTSCAN_DIR /var/log/snort/sensor_data/onionpi/portscans-1
# Snort Perfmonitor Stats (1=enable, 0=disable)
set SNORT_PERF_STATS 1
# File being logged to:
set SNORT_PERF_FILE /var/log/snort/sensor_data/onionpi/snort-1.stats
# sensor agent reports current disk use up to sguild
set WATCH_DIR /var/log/snort/sensor_data/onionpi
# Portscan files
set PS_CHECK_DELAY_IN_MSECS 10000 
# Disk space
set DISK_CHECK_DELAY_IN_MSECS 1800000 
# Keep a heartbeat going w/PING PONG in milliseconds. (0 to disable)
set PING_DELAY 300000