Installing Snort

29

This command will perform the following actions:

  Create a directory /etc/snort where all Snort rule files and configuration files

are stored.

  Create a directory /var/log/snort where Snort log files will be stored.

  Create a directory /usr/share/doc/snort 1.9.0 and store Snort documentation

files in that directory. You will see files like FAQ (Frequently Asked

Questions), README and other files in this directory.

  Create a file snort plain in /usr/sbin directory. This is the Snort daemon.

  Create a file /etc/rc.d/init.d/snortd file which is startup and shutdown script. On

RedHat Linux, this is equivalent to /etc/init.d/snortd.

Basic installation is complete at this point and you can start using Snort. The ver 

sion of Snort installed this way is not compiled with database support, so you can use it

only for logging to files in the /var/log/snort directory.

2.2.1.3

Starting, Stopping and Restarting Snort

To run Snort manually, use the following command:

/etc/init.d/snortd start

This command will start Snort and you can run the Snort daemon using the  ps

 ef  command. You should see a line like the following in the output of this com 

mand:

root     15999     1  0 18:31 ?        00:00:01 /usr/sbin/

snort  A fast  b  l /var/log/snort  d  D  i eth0  c /etc/

snort/snort.conf

Note that you have to start Snort manually each time you reboot the machine. You

can automate this process by creating links to this file, which will be explained later in

this chapter.

To stop Snort, use the following command:

/etc/init.d/snortd stop

To restart Snort, use this command:

/etc/init.d/snortd restart

2.2.2

Installing Snort from Source Code

To install Snort from the source code, you have to build it first. You can build the

executable  snort file using the procedure explained in this section. First, download