Debian snont настройка

Официальная документация по настройке www.snort.org/assets/167/deb_snort_howto.pdf

Change these lines:
Line #39 — ipvar HOME_NET 192.168.1.0/24 – make this match your internal (friendly) network
Line #42 — ipvar EXTERNAL_NET !$HOME_NET
Line #80 — var RULE_PATH ./rules – this assumes /etc/snort/rules
Line #186-#190 comment out all of the preprocessor normalize_ lines
Line #366 — add this: output unified2: filename snort.log, limit 128
Line #395 — delete or comment out all of the “include $RULE_PATH” lines except “local.rules”

для новой версии snort-2.9.1.tar.gz

Change these lines:
Line #45 — ipvar HOME_NET 192.168.1.0/24 – make this match your internal (friendly) network
Line #48 — ipvar EXTERNAL_NET !$HOME_NET
Line #98 — var RULE_PATH ./rules – this assumes /etc/snort/rules
Line #235-#239 comment out all of the preprocessor normalize_ lines
Line #471 — add this: output unified2: filename snort.log, limit 128
Line #503 — delete or comment out all of the “include $RULE_PATH” lines except “local.rules”

./configure --with-mysql --with-libpcre-libraries=/usr/src/snort/libdnet-1.12/src/.libs/ --with-dnet-includes=/usr/src/snort/libdnet-1.12/include/ --enable-build-dynamic-examples --enable-gre --enable-reload --enable-linux-smp-stats --enable-zlib --enable-dynamicplugin --enable-perfprofiling --enable-ipv6
Читать дальше