Snort installation, configuration and test

Time: 2023-11-23 09:38:20

snort installation:

https://www.snort.org/#get-started

Download the rule snapshot that matches the installed version (2.9.8.0 here). The oinkcode in the URL is the personal API key of a snort.org account: treat it like a password and do not publish it or commit it to scripts. Quote the URL so the shell does not treat "?" as a glob, and pass -O so the file is not named after the whole query string:

wget -O snortrules-snapshot-2980.tar.gz "https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz?oinkcode=56163f8e65b1704747ad2a09c47857e6bdf8a3a0"

Extract the archive and copy its rules/ directory to "~/usr/snort/snort-2.9.8.0/rules/". This must be the directory that RULE_PATH in snort.conf points at; the stock snort.conf sets "var RULE_PATH ../rules", relative to the config file, so adjust either the path or the variable if they differ.

Insert a rule into "local.rules" for the test. local.rules is already included by the stock snort.conf; use a sid of 1000000 or higher so it cannot collide with the sids in the official snapshot:

alert ip any any -> any any (msg:"IP Packet detected"; sid:1000001; rev:1;)

This rule fires on every IP packet, so it only confirms that the engine sees traffic and loads local.rules; remove it once the test is done, or it will flood the alert log.

run snort:

First validate the configuration and every rule file without starting the engine; a syntax error in any rule would otherwise stop Snort at startup:

snort -T -c /etc/snort/snort.conf

Then run it on the interface to be monitored (eth0 is used here as an example), printing alerts to the console as well as to the log directory:

snort -A console -c /etc/snort/snort.conf -i eth0

result:

With the test rule loaded, every IP packet seen on the interface produces an "IP Packet detected" alert. The default log location is "/var/log/snort/" (change it with -l): alerts are written to the file "alert" in that directory, and logged packets to "snort.log.<timestamp>" files in pcap format, which can be read with tcpdump -r.
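The whole procedure above as one script, added here as an example and not part of the original post. It assumes the stock paths (/etc/snort/snort.conf, /etc/snort/rules, /var/log/snort), reads the oinkcode from an OINKCODE environment variable instead of embedding it in the command line, and only downloads rules and starts the engine when RUN_SNORT_SETUP=1, so the rule helpers can be exercised on a machine without Snort. The interface name eth0 is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post. Paths, the OINKCODE
# variable and the eth0 interface are assumptions; adjust to your install.

SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
SNORT_RULES_DIR="${SNORT_RULES_DIR:-/etc/snort/rules}"
SNORT_LOG_DIR="${SNORT_LOG_DIR:-/var/log/snort}"
RULES_URL="https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz"

# Print one local rule line. Local rules use sids >= 1000000 so they can
# never collide with the sids shipped in the official snapshot.
rule_line() {
    sid="$1"; msg="$2"
    printf 'alert ip any any -> any any (msg:"%s"; sid:%s; rev:1;)\n' "$msg" "$sid"
}

# Append a rule to a rules file unless that sid is already present.
# Returns 0 when the rule was added, 1 when the sid already existed.
add_local_rule() {
    file="$1"; sid="$2"; msg="$3"
    if grep -q "sid:$sid;" "$file" 2>/dev/null; then
        return 1
    fi
    rule_line "$sid" "$msg" >> "$file"
}

# Count rules whose sid is below the local range; should print 0 for local.rules.
count_bad_local_sids() {
    grep -o 'sid:[0-9]*;' "$1" | tr -dc '0-9\n' \
        | awk '$1 < 1000000 { n++ } END { print n+0 }'
}

# Download the snapshot with the oinkcode taken from the environment and
# copy its rules/ directory into place, leaving any existing local.rules alone.
fetch_rules() {
    [ -n "${OINKCODE:-}" ] || { echo "set OINKCODE to your snort.org oinkcode" >&2; return 1; }
    tmp=$(mktemp -d)
    # Quoted URL: '?' is otherwise a shell glob, and -O stops wget naming the
    # file after the full query string (which would contain the oinkcode).
    wget -q -O "$tmp/rules.tar.gz" "${RULES_URL}?oinkcode=${OINKCODE}"
    tar -xzf "$tmp/rules.tar.gz" -C "$tmp"
    mkdir -p "$SNORT_RULES_DIR"
    for f in "$tmp"/rules/*.rules; do
        case "$f" in */local.rules) continue ;; esac
        cp "$f" "$SNORT_RULES_DIR"/
    done
    rm -rf "$tmp"
}

# Validate the configuration with -T first, then run on the given interface
# with alerts echoed to the console and logs written to SNORT_LOG_DIR.
run_snort() {
    iface="${1:-eth0}"
    snort -T -c "$SNORT_CONF" || return 1
    mkdir -p "$SNORT_LOG_DIR"
    snort -A console -q -c "$SNORT_CONF" -i "$iface" -l "$SNORT_LOG_DIR"
}

if [ "${RUN_SNORT_SETUP:-0}" = "1" ]; then
    fetch_rules
    add_local_rule "$SNORT_RULES_DIR/local.rules" 1000001 "IP Packet detected" || true
    run_snort "${IFACE:-eth0}"
fi
```

Usage: RUN_SNORT_SETUP=1 OINKCODE=<your oinkcode> IFACE=eth0 sh snort-setup.sh. Running add_local_rule twice with the same sid is harmless, which matters when the script is re-run after a rule update; count_bad_local_sids is a quick check that nobody has dropped an official-range sid into local.rules.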