Summary of Snort installation and configuration under Windows and Linux

  

First, what is Snort? Snort is a powerful multi-platform network intrusion detection/prevention system (NIDS/NIPS) that offers real-time traffic analysis, IP packet logging and other features. Snort is released under the GNU General Public License (GPL), so you can download it for free, install it and start using it in just a few minutes. The multi-platform support mentioned here is its advantage. I have set it up separately in a Windows environment and a Linux environment.

Snort installation and configuration under Windows

Test environment:

Operating system: Windows 2003
Hardware: ordinary PC
Software: the PHP runtime environment, and three program files used by MySQL and Snort (including WinPcap, adodb, base, jpgraph)

There is not much to say here about the PHP runtime environment: it needs Apache to work, and if you do not know how to set it up, search Baidu for configuration documents yourself. Personally, I feel the Snort setup divides into two parts: the first is the PHP + MySQL environment; the second is the installation and configuration of Snort and the related software.

You can get a PHP + MySQL green package from the network and use it directly. Once you have confirmed that PHP + MySQL works without problems, start on the Snort configuration: first install WinPcap, the network capture software, then install Snort. After these two installations, find C:\Snort\etc\snort.conf in the Snort directory and configure it:

1. var HOME_NET 172.18.134.0/24: change this to your own network.
2. var RULE_PATH c:\snort\rules: confirm that the rule package path is correct.
3. dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll: the original value is a Linux .so file; change it to the path of the corresponding .dll.
4. output database: log, mysql, user=root password=123asd dbname=snort host=localhost: change this to your own MySQL configuration.
5. include $RULE_PATH/local.rules: enable the corresponding rule packages. If a rule package is incorrect, Snort reports an error when it loads the rules at startup.
6. Create the database. Start the client with mysql -uroot -p123456, then run: create database snort; grant INSERT, SELECT on root.* to snort@localhost; exit. Then import the MySQL schema from C:\Snort\schemas\create_mysql.
7. Open the relative path of BASE in a browser, for example: http://localhost:8080/base

Follow the prompts step by step. I won't say much here; anyone with the brain cells to configure Snort can manage it. (I am not sure whether jpgraph.php needs to be modified: DEFINE("CACHE_DIR","/tmp/jpgraph_cache/"); ) After running Snort, you need to add an environment variable, PCAP_FRAMES=max. Snort can be run from the command line with snort -c c:/snort/etc/snort.conf, but it is best to add it as a system service:

snort /SERVICE /INSTALL -c d:\snort\etc\snort.conf -l d:\snort\log -K ascii -i2

Snort installation and configuration under Linux

When installing Linux you can install PHP + MySQL directly. Then prepare several packages: adodb, base, jpgraph, pcre-7.9.tar.gz, zlib-1.2.3.tar.gz, libpcap-1.0.0.tar.gz, snort-2.8.4.1-1.RH5.i386.rpm, snort-mysql-2.8.4.1-1.RH5.i386.rpm.

1. Test that PHP + MySQL works without problems, then go to the next step.
2. Install libpcap-1.0.0.tar.gz, pcre-7.9.tar.gz, zlib-1.2.3.tar.gz.
3. Then install snort-2.8.4.1-1.RH5.i386.rpm and snort-mysql-2.8.4.1-1.RH5.i386.rpm.
4. As on Windows, configure snort.conf after installation.
5. Create the MySQL snort database.
6. Put adodb, base, jpgraph into the web directory and initialize the database by accessing BASE.
7. Set the environment variables.
8. Run Snort to test.
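A small pre-flight check for the snort.conf edits listed in steps 1 to 5 of the Windows section and repeated in step 4 of the Linux procedure, so that a wrong engine path or a missing rule file is caught before Snort fails at startup. This is an added example, not part of the original article or of Snort itself; the function name check_snort_conf, its parameters and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

def check_snort_conf(text, windows, exists):
    """List problems in a Snort 2.8-style snort.conf; exists is callable(path) -> bool."""
    problems, variables, has_db = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        arg = parts[1] if len(parts) > 1 else ""
        var = re.match(r"(?:ip|port)?var\s+(\S+)\s+(\S+)", line)
        if var:
            variables[var.group(1)] = var.group(2)
        elif parts[0] == "dynamicengine":
            want = ".dll" if windows else ".so"
            if not arg.lower().endswith(want):
                problems.append(f"dynamicengine is not a {want} file: {arg}")
        elif line.startswith("output database:"):
            has_db = True
        elif parts[0] == "include":
            # Expand $VARS (longest name first) before checking the file.
            for name in sorted(variables, key=len, reverse=True):
                arg = arg.replace("$" + name, variables[name])
            if not exists(arg):
                problems.append(f"included file not found: {arg}")
    for net in variables.get("HOME_NET", "").strip("[]").split(","):
        try:
            ipaddress.ip_network(net, strict=False)
        except ValueError:
            problems.append(f"HOME_NET is not set to a network: {net!r}")
    if not has_db:
        problems.append("no 'output database:' line, so BASE gets no alerts")
    return problems

# Constructed sample: a Windows snort.conf that still has a Linux .so path.
SAMPLE = r"""
var HOME_NET 172.18.134.0/24
var RULE_PATH c:\snort\rules
dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
output database: log, mysql, user=root password=123asd dbname=snort host=localhost
include $RULE_PATH/local.rules
"""

if __name__ == "__main__":
    import os
    for problem in check_snort_conf(SAMPLE, windows=True, exists=os.path.exists):
        print(problem)
```

To check a real file, pass its contents as text and os.path.exists as the exists argument; an empty list means none of these checks failed.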

Personally, I feel the environment is very important, followed by the changes to the relevant configuration, and then the rule package. Good luck.
