snortsam设置
snortsam设置
snortsam.cfg:
# SnortSam agent configuration: which hosts may send block requests, the
# shared key they must present, and the Cisco device whose ACL is rewritten.
#
# The ciscoacl plugin is not compatible with the threaded version due to the
# nature of ACLs, so threads are disabled.
nothreads
#
# Only hosts named in an accept line may send block requests. Keep this list
# to the Snort sensor address(es). No per-host key is given on this line, so
# the defaultkey below applies to it.
accept snort传感器IP
defaultkey superchain
# Sets the default key for ALL allowed hosts to <key>.
# The default key is used when no other key is specified in an ACCEPT option.
# You have to use the same key in the snort.conf file, in the
# "output alert_fwsam" line. If the keys (or passwords, if you will) don't
# match, SnortSam cannot decrypt the request from Snort and ignores it.
# NOTE(review): the key is stored here in cleartext and, together with the
# accept list, is what decides whose block requests are honoured. Use a long
# random value unique to this deployment, and restrict read access to this file.
ciscoacl 思科设备IP 思科设备pw 思科设备pw acl_file
# ciscoacl IP_of_the_router_which_will_deny_with_ACL username/password enablepassword /full_path/acl_file
# The router login and enable passwords are held in this file in cleartext,
# so limit read access to the account SnortSam runs as.
# NOTE(review): the line above uses the same placeholder for the login and the
# enable password; prefer distinct credentials if the device allows it.
# NOTE(review): the format line shows a full path for the ACL file, while the
# line above gives a bare file name - confirm where it resolves.
logfile snortsam.log
# NOTE(review): relative log path - confirm where it lands when SnortSam runs
# as a service, and that the file is retained, since it is the record of
# block actions pushed to the router.
loglevel 3
# NOTE(review): 3 is presumably the most verbose level - confirm against the
# SnortSam documentation.
snort设置
snort.conf
add:
# Sends Snort alerts to SnortSam as block requests. According to the comments
# in snortsam.cfg, the key used on this line must be the same key SnortSam is
# configured with (defaultkey, or the key on the matching accept line);
# otherwise SnortSam cannot decrypt the request and ignores it.
# NOTE(review): the value after "/" is labelled here as the Cisco device
# password, while snortsam.cfg sets defaultkey separately - confirm which
# value is intended, and do not reuse the router password as the SnortSam key.
# NOTE(review): the host part is presumably the address SnortSam listens on;
# confirm that the sensor IP is where SnortSam actually runs.
output alert_fwsam: snort传感器IP/思科设备pw