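# Snort 2.9.x command reference: run modes, source install, inline (IPS) mode
# and PulledPork rule updates.
#
# The page collapsed every command and config fragment onto one line; they are
# separated again here, one per line. This is a reference listing, not a script
# to run top to bottom: the snort invocations stay in the foreground until
# interrupted. Lines that belong in snort.conf, pulledpork.conf or a crontab
# are quoted in comments under the name of the file they go in.

# --- Run modes ----------------------------------------------------------------

# Sniffer mode: print headers (-v), application payload (-d) and link-layer
# headers (-e) to the console.
./snort -vde

# Packet-logger mode: same decoding, written under the -l directory.
# -d records full payloads, so the log directory can end up holding
# credentials and other sensitive content; keep it readable only by the
# account that runs snort.
# NOTE(review): 10.49.50.0/8 pairs a /8 mask with a host-style address, so the
# home network is effectively all of 10.0.0.0/8. Confirm the intended prefix.
./snort -dev -l /snort/logs/packetlog -h 10.49.50.0/8

# NIDS mode: as above, plus the rules and settings loaded from snort.conf.
./snort -dev -l ./log -h 10.49.50.0/8 -c snort.conf

# --- Install from source ------------------------------------------------------

wget https://www.snort.org/downloads/snort/daq-2.0.2.tar.gz
wget https://www.snort.org/downloads/snort/snort-2.9.6.2.tar.gz

# The tarballs are compiled and then installed as root, so check them before
# building. The page lists no checksums: print the hashes and compare them with
# values obtained from the project.
sha256sum daq-2.0.2.tar.gz snort-2.9.6.2.tar.gz

# Run inside each extracted source tree (the page does not show the extraction
# step). '&&' instead of ';' so that a failed configure or make never reaches
# 'sudo make install'.
./configure && make && sudo make install

# --- Community rules ----------------------------------------------------------

# Without -O, wget names the file after the last URL segment ("community"),
# and the tar step below would not find community.tar.gz.
wget -O community.tar.gz https://www.snort.org/rules/community

# The page had 'tar -xvfz', where -f consumes "z" as the archive name; the
# archive must directly follow -f. /etc/snort/rules must already exist and is
# normally root-owned, hence sudo.
sudo tar -xvzf community.tar.gz -C /etc/snort/rules

# --- Inline (IPS) mode with the afpacket DAQ ----------------------------------

# Interface syntax for -i in inline mode:
#   eth0:eth1               one bridged pair
#   eth0:eth1::eth2:eth3    two bridged pairs, separated by '::'

sudo snort --daq afpacket -i eth1:eth2 -Q -c snort.conf

# Same, with the DAQ mode and buffer size given on the command line. The page
# showed the options with the dashes split apart ('--daq -mode', '-daq -var');
# the option names are --daq-mode and --daq-var.
sudo snort -c snort.conf -i eth1:eth2 -Q --daq afpacket \
  --daq-mode inline --daq-var buffer_size_mb=1024

# snort.conf equivalents of those options:
#   config policy_mode:inline
#   config daq: afpacket
#   config daq_mode: inline
#   config daq_var: buffer_size_mb=1024

# --- Inline mode through NFQUEUE ----------------------------------------------

# Hands inbound POP3 (tcp/110) to netfilter queue 2. Needs root. Snort has to
# be bound to the same queue (nfq DAQ, '--daq-var queue=2'). While nothing is
# reading the queue the kernel drops the matching packets; NFQUEUE's
# --queue-bypass option lets them pass instead, at the cost of no inspection
# during that window.
iptables -A INPUT -p tcp --dport 110 -j NFQUEUE --queue-num 2

# --- PulledPork (rule updates) ------------------------------------------------

# The page had a stray space inside the URL and fetched it over plain HTTP.
# The script is later run unattended from cron, so fetch it over HTTPS and
# review it before installing.
# NOTE(review): Google Code has been retired; confirm this URL still resolves
# or take the script from the project's current home.
wget https://pulledpork.googlecode.com/svn/trunk/pulledpork.pl

# Copy into place root-owned with mode 755 (the page ran chmod 755 from inside
# /usr/local/bin), so unprivileged accounts cannot rewrite what cron executes.
sudo install -m 0755 pulledpork.pl /usr/local/bin/pulledpork.pl

# /etc/snort/pulledpork.conf. The third '|' field of the first rule_url is the
# oinkcode, which the page left empty. It is a credential: keep the file
# readable only by the account that runs pulledpork.
#   rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<OINKCODE_PLACEHOLDER>
#   # rule_url=https://rules.emergingthreats.net/|etpro.rules.tar.gz

# crontab entry: update the rules every day at 02:00. The absolute path is used
# because cron's default PATH often omits /usr/local/bin.
#   # Update Snort Rules
#   0 2 * * * /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -H -v >> /var/log/pulledpork 2>&1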