snort installation, configuration and test
snort installation:
https://www.snort.org/#get-started
wget https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz?oinkcode=56163f8e65b1704747ad2a09c47857e6bdf8a3a0
copy uncompressed rules to "~/usr/snort/snort-2.9.8.0/rules/"
insert a rule into "local.rules" for test: alert ip any any -> any any (msg: "IP Packet detected"; sid:1000001;)
run snort:
snort -c /etc/snort/snort.conf
result:
the default location of log is: "/var/log/snort/"
posted on 2016-01-21 17:20 ghostli123 阅读(174) 评论(0) 编辑 收藏 举报
