Preprocessors, Alerts & logging, Edit config file – RuggedCom RuggedRouter RX1100 User Manual



33. Configuring the Intrusion Detection System

Revision 1.14.3


RX1000/RX1100™

33.2.3. PreProcessors

Figure 33.6. Snort Preprocessors

Preprocessors are plug-in modules that operate on the captured packets. Preprocessors perform a
variety of transformations to make it easier for Snort to classify packets.

The configuration of preprocessors is beyond the scope of this user guide.

33.2.4. Alerts & Logging

Alerts generated by Snort are stored by one of three methods: as local syslog messages, as remotely
syslogged messages, or in an alert file.

Figure 33.7. Snort Alerts

When the Local syslogging method is chosen, the destination log file may be selected.

When the alert file method is chosen, a daily analysis of the file can be emailed to the user provided in
the User Name.. field. Note that you must also visit the Maintenance menu, Miscellaneous sub-menu,
Outgoing Mail sub-menu in order to configure a mail forwarder.

33.2.5. Edit Config File

Snort is extremely flexible and not all capabilities have been described in this user guide. This menu
provides the user with the ability to make raw configuration changes to the Snort configuration file
from within Webmin.
