Installing Snort
Pass|Alert|Log
-O Obfuscate the logged IP addresses
-p Disable promiscuous mode sniffing
-P set explicit snaplen of packet (default: 1514)
-q Quiet. Don't show banner and status report
-r Read and process tcpdump file
-R Include id in snort_intf.pid file name
-s Log alert messages to syslog
-S Set rules file variable n equal to value v
-t Chroots process to after initialization
-T Test and report on the current Snort configuration
-u Run snort uid as user (or uid) after initialization
-U Use UTC for timestamps
-v Be verbose
-V Show version number
-w Dump 802.11 management and control frames
-X Dump the raw packet data starting at the link layer
-y Include year in timestamp in the alert and log files
-z Set assurance mode, match on established sesions (for TCP)
-? Show this information
are standard BPF options, as seen in TCPDump
[root@conformix snort]#
If you see this message, you have built Snort properly. In the next section, you
will learn how to configure and run Snort.
2.2.2.3 After Installation Processes
Now that you have built the Snort binary, you have to do a few things before you can
start using Snort. These include:
1. Create the directory /var/log/snort, where Snort creates log files by default.
2. Create a directory to save configuration files. I have created /opt/snort/etc. You can create a directory of your own.
3. Create or copy the Snort configuration file in the /opt/snort/etc directory.
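Steps 1 to 3 above as a script, added here as an example and not taken from the book: it creates the two directories, installs the configuration file, checks the resulting permissions, and runs Snort's -T self-test when a snort binary is on PATH. The ROOT prefix argument, the function names, the file name snort.conf and the permission modes are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the book). ROOT is a prefix for staging the layout
# in a scratch directory; pass "" to use the real paths (requires root).
# The permission modes are assumptions chosen for this example.

# setup_snort_layout ROOT SRC_CONF: perform steps 1-3.
setup_snort_layout() {
    log_dir="$1/var/log/snort"
    etc_dir="$1/opt/snort/etc"
    [ -f "$2" ] || { echo "missing config: $2" >&2; return 1; }
    # Step 1: log directory. Alerts and packet logs are sensitive: no "other" access.
    mkdir -p "$log_dir" && chmod 750 "$log_dir" || return 1
    # Step 2: configuration directory, writable by its owner only.
    mkdir -p "$etc_dir" && chmod 755 "$etc_dir" || return 1
    # Step 3: install the configuration file, writable by its owner only.
    cp "$2" "$etc_dir/snort.conf" && chmod 644 "$etc_dir/snort.conf" || return 1
}

# mode_of PATH: first ten characters of `ls -ld`, e.g. drwxr-x---
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# check_snort_layout ROOT: return 0 only if all three paths exist with
# permissions at least as strict as the ones set above.
check_snort_layout() {
    rc=0
    case $(mode_of "$1/var/log/snort") in
        d??????---) ;;
        *) echo "log dir missing or accessible to other users" >&2; rc=1 ;;
    esac
    case $(mode_of "$1/opt/snort/etc") in
        d????-??-?) ;;
        *) echo "etc dir missing or group/world-writable" >&2; rc=1 ;;
    esac
    case $(mode_of "$1/opt/snort/etc/snort.conf") in
        -????-??-?) ;;
        *) echo "snort.conf missing or group/world-writable" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Usage: sh snort-layout.sh ROOT SRC_CONF   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    setup_snort_layout "$1" "$2" && check_snort_layout "$1" || exit 1
    # -T (listed in the usage output above) tests the configuration; -c names
    # the configuration file. Skipped when no snort binary is on PATH.
    if command -v snort >/dev/null 2>&1; then
        snort -T -c "$1/opt/snort/etc/snort.conf"
    fi
fi
```

If Snort is started with -u so that it drops privileges after initialization, the log directory must be owned by, or writable for, that account.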