Chapter 2 Installing Snort and Getting Started
You can also run the make check command before running the make
install command to make sure that Snort is built properly.
After installing, run Snort to verify that the executable works. With the
procedure described above, the Snort binary is installed in the /opt/snort/bin
directory. The following command displays the basic help message of the newly
built Snort binary along with its command line options.
[root@conformix snort]# /opt/snort/bin/snort -?
Initializing Output Plugins!
-*> Snort! <*-
Version 1.9.0 (Build 209)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
USAGE: /opt/snort/bin/snort [-options]
Options:
    -A    Set alert mode: fast, full, console,
          or none (alert file alerts only)
          "unsock" enables UNIX socket logging
          (experimental).
    -a    Display ARP packets
    -b    Log packets in tcpdump format (much
          faster!)
    -c    Use Rules File
    -C    Print out payloads with character data
          only (no hex)
    -d    Dump the Application Layer
    -D    Run Snort in background (daemon) mode
    -e    Display the second layer header info
    -f    Turn off fflush() calls after binary log
          writes
    -F    Read BPF filters from file
    -g    Run snort gid as group (or gid)
          after initialization
    -G    Add reference ids back into alert msgs
          (modes: basic, url)
    -h    Home network =
    -i    Listen on interface
    -I    Add Interface name to alert output
    -l    Log to directory
    -m    Set umask =
    -M    Sends SMB message to workstations in file
          (Requires smbclient to be in PATH)
    -n    Exit after receiving packets
    -N    Turn off logging (alerts still work)
    -o    Change the rule testing order to