Friday, February 16, 2007

Q: Is there a snort.conf file on my sensors?

A:

There is a snort.conf file on the sensors that you can read through to see the actual settings on preprocessors and the like. It is short, and includes a number of other conf files.

In fact, there's a snort.conf and associated includes on each sensor for each detection engine running on the sensor. There is a directory for each detection engine.

    cd /var/sf/detection_engines

In there you'll see a subdirectory for each D.E. The subdirectory names are huge crazynumbers.

Change into one of those directories and you'll see the snort.conf file, and the other files included by it.

To tell which crazynumber is associated with which D.E., you have to cat de.conf in that directory, see what interfaces it is assigned to, and compare that to the interface assignments on the Defense Center GUI.
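The walk described above can be scripted. This is an added example, not from the original post or from the vendor. It assumes relative include paths sit in the detection engine's own directory, and it prints de.conf unparsed; the function names and the sample tree contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the layout described
# above: one subdirectory per detection engine, each with de.conf and snort.conf.

# Print the file named on each Snort "include" line (commented lines skipped).
list_includes() {
    awk '$1 == "include" && NF >= 2 { print $2 }' "$1"
}

# For every detection engine directory under BASE, print its name, its de.conf
# (to compare with the Defense Center GUI) and the files snort.conf includes.
de_inventory() {
    base=${1:-/var/sf/detection_engines}
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 1; }
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        echo "== ${dir##*/}"
        if [ -r "$dir/de.conf" ]; then
            sed 's/^/   de.conf: /' "$dir/de.conf"
        else
            echo "   de.conf: (not readable)"
        fi
        [ -r "$dir/snort.conf" ] || { echo "   snort.conf: (not readable)"; continue; }
        list_includes "$dir/snort.conf" | while read -r inc; do
            case $inc in
                *\$*) echo "   include: $inc (uses a variable, not resolved)"; continue ;;
                /*)   path=$inc ;;
                *)    path=$dir/$inc ;;
            esac
            if [ -e "$path" ]; then echo "   include: $inc"
            else echo "   include: $inc (MISSING)"; fi
        done
    done
}

# Build a constructed sample tree (placeholder contents, not real sensor files).
make_sample_tree() {
    t=$(mktemp -d) && mkdir "$t/1111-constructed" || return 1
    echo "constructed placeholder: interface eth1" > "$t/1111-constructed/de.conf"
    printf '%s\n' '# include off.conf' 'include present.conf' \
        'include absent.conf' 'include $RULE_PATH/local.rules' \
        > "$t/1111-constructed/snort.conf"
    : > "$t/1111-constructed/present.conf"
    echo "$t"
}
```

On a sensor, run `de_inventory` with no argument; to try it elsewhere, run `de_inventory "$(make_sample_tree)"`.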
