2.4 Snort Command Line Options
Snort has many command line options that are useful for starting Snort in different
situations. As you have already seen, command line options are helpful in running
multiple versions of Snort on the same system. You can use the snort -? command to
display the command line options. The most commonly used and useful command line
options are listed in Table 2-2.
Table 2-2 Snort command line options
Options
Description
-A
This option sets the alert mode. Alert modes are used to set different levels of detail
for the alert data. The options available are fast, full, console or none. You have
already seen that the console mode is used to display alert data on the console screen
instead of logging to files. The fast mode is useful for high speed operations of Snort.
-b
This option is used to log packets in tcpdump format. Logging is very fast and you
can use the tcpdump program later on to display the data.
-c
This is the most commonly used option. You specify the location of the snort.conf file
with this option. When it is specified, Snort does not look in the default locations for
the configuration file snort.conf. As an example, if the snort.conf file is present in
the /etc directory, you will use -c /etc/snort.conf on the command line while
starting Snort.
-D
This option enables Snort to run in the background. In almost all implementations of
Snort, this option is used. You don't use this option when you are testing Snort after
installation.
-i
This option is used to start Snort so that it listens to a particular network interface. This
option is very useful when you have multiple network adapters and want to listen to
only one of them. It is also useful when you want to run multiple Snort sessions on
multiple network interfaces. For example, if you want Snort to listen to network interface
eth1 only, you will use -i eth1 on the command line while starting Snort.
-l
This option is used to set the directory where Snort logs messages. The default location
is /var/log/snort. For example, if you want all log files to be generated under the
/snort directory, you will use the -l /snort command line option.
-M
You have to specify a text file as the argument to this option. The text file contains a list of
Microsoft Windows hosts to which you want to send SMB pop-up windows. Each line
should contain only one IP address. Note that you can achieve the same goal through
the snort.conf file as well, which will be explained later.
-T
This option is very useful for testing and reporting on the Snort configuration. You can
use this option to find any errors in the configuration files.
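The options in Table 2-2 are normally combined on one command line. The following start script is an added example, not part of the original text: it checks the configuration with -T and starts Snort in the background with -D only if the check passes. The variable names, the function names and the sample values (/etc/snort.conf, eth1, /var/log/snort) are assumptions, and the script assumes that snort exits with a non-zero status when -T finds an error.

```shell
#!/bin/sh
# Added example: validate the configuration with -T, then start with -D.
# Paths and interface are assumed sample values without whitespace.
SNORT_BIN="${SNORT_BIN:-snort}"
SNORT_CONF="${SNORT_CONF:-/etc/snort.conf}"
SNORT_IFACE="${SNORT_IFACE:-eth1}"
SNORT_LOGDIR="${SNORT_LOGDIR:-/var/log/snort}"
SNORT_ALERT_MODE="${SNORT_ALERT_MODE:-fast}"

# Options shared by the test run and the daemon run.
snort_common_args() {
    printf '%s' "-c $SNORT_CONF -i $SNORT_IFACE -l $SNORT_LOGDIR"
}

# Accept only the four alert modes listed for -A in Table 2-2.
valid_alert_mode() {
    case "$1" in
        fast|full|console|none) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the daemon command line without running it.
snort_daemon_cmd() {
    valid_alert_mode "$SNORT_ALERT_MODE" || return 2
    printf '%s' "$SNORT_BIN -D -b -A $SNORT_ALERT_MODE $(snort_common_args)"
}

# Start the daemon only if the -T configuration test passes.
start_snort() {
    cmd=$(snort_daemon_cmd) || {
        echo "unsupported alert mode: $SNORT_ALERT_MODE" >&2
        return 2
    }
    # Word splitting of the argument list is intended here.
    if ! "$SNORT_BIN" -T $(snort_common_args) >/dev/null 2>&1; then
        echo "snort -T reported configuration errors; not starting" >&2
        return 1
    fi
    $cmd
}

# Run as: sh start-snort.sh start
if [ "${1:-}" = "start" ]; then
    start_snort
fi
```

Running the -T check first means that an error in snort.conf is reported at the terminal instead of leaving the interface unmonitored after a failed background start.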