Setting up Snort with IPCop is a very straightforward process. SourceFire require users to register if they want to download updated signatures. We really do want to have updated rules, and so we should ensure we register with SourceFire. This can be done by following the instruction on the following screen for registering on the Snort website and generating an Oink code.
Once registered, we fill in the form on the previous screen. We select each interface we want to monitor by marking the corresponding checkbox. The author's preference is to monitor all interfaces at this point and filter later when monitoring the logs. We should also choose SourceFire VRT rules for registered users unless we have a paid for subscription that allows us access to the subscription rules. Then we enter our Oink Code as obtained from the Snort website. We can now download the most up-to-date rules. That's it! We have now, by filling in a very simple form, configured a NIDS for our network...