Transferred from: http://www.cnblogs.com/kathmi/archive/2010/08/09/1795405.html
Snort is a well-known open source intrusion detection tool. It is not only an excellent packet sniffer but also a useful tool for protecting server security.
I recently had to use it for some work, so I am recording the process here.
The software used:
- Snort_2_8_6_installer.exe (installed to the default path)
- Winpcap_4_1_2.exe
- snortrules-snapshot-2860.tar.gz (the rule library; extract it into Snort's installation directory, and if prompted about duplicate files you can choose not to overwrite)
Snort is a command-line program; the commands will be introduced later. First, the basic functions.
After installation, for convenience, add <snort_home>\bin to the system PATH environment variable, where <snort_home> is Snort's installation directory.
In CMD, run snort -W (uppercase W). This command serves both as a check that Snort installed successfully and as a way to list the network interfaces it can use.
Without any further setup, snort -v runs a simple sniffer. Ctrl+C stops the sniffing.
The configuration is the more complicated part. The paths for RULE_PATH, SO_RULE_PATH, PREPROC_RULE_PATH, dynamicpreprocessor and dynamicengine must be set to absolute Windows paths. One thing to watch out for: the dynamicpreprocessor path must not end with a slash or backslash. The original configuration has a trailing slash, and if it is left in, the engine fails to load.
The command to run with the configuration is: snort -v -c <snort_home>\etc\snort.conf. Running this command produces the error: ERROR: OpenAlertFile() => fopen() alert file log/alert.ids: No such file or directory. This appears to be the second bug in this version; I hope the official release will provide a fix.
Since Snort cannot run with the default log location, the workaround is to pass -l and write the log files to a directory we specify: snort -l <snort_home>\mylogs -c <snort_home>\etc\snort.conf.
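A small checker for the two configuration pitfalls described above (relative paths on Windows and the trailing slash on the dynamicpreprocessor directory). This is an added example, not code from the original post or from the Snort project; the snort.conf fragment and the C:\Snort paths in it are constructed for illustration.

```python
import re

# snort.conf variables whose value must be an absolute Windows path.
PATH_VARS = {"RULE_PATH", "SO_RULE_PATH", "PREPROC_RULE_PATH"}
ABS_WIN = re.compile(r"^[A-Za-z]:[\\/]")  # e.g. C:\ or C:/


def check_snort_conf(conf_text):
    """Return (line_no, problem) tuples for path settings that are not
    absolute, plus the trailing separator on 'dynamicpreprocessor directory'
    that stops the dynamic engine from loading on Windows."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "var" and len(parts) >= 3 and parts[1] in PATH_VARS:
            name, path = parts[1], parts[2]
        elif parts[0] == "dynamicpreprocessor" and len(parts) >= 3 and parts[1] == "directory":
            name, path = "dynamicpreprocessor directory", parts[2]
            if path.endswith(("/", "\\")):
                findings.append((no, f"{name} must not end with a slash: {path}"))
        elif parts[0] == "dynamicengine" and len(parts) >= 2:
            name, path = "dynamicengine", parts[1]
        else:
            continue  # directives this checker does not inspect
        if not ABS_WIN.match(path):
            findings.append((no, f"{name} is not an absolute Windows path: {path}"))
    return findings


def fix_trailing_slash(conf_text):
    """Return the config with the trailing separator stripped from every
    'dynamicpreprocessor directory' line; all other lines are left as-is."""
    out = []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) >= 3 and parts[0] == "dynamicpreprocessor" and parts[1] == "directory":
            parts[2] = parts[2].rstrip("/\\")
            raw = " ".join(parts)
        out.append(raw)
    return "\n".join(out) + "\n"


# Constructed snort.conf fragment showing both pitfalls (paths are assumed).
SAMPLE_CONF = """\
var RULE_PATH ../rules
var SO_RULE_PATH C:\\Snort\\so_rules
var PREPROC_RULE_PATH C:\\Snort\\preproc_rules
dynamicpreprocessor directory C:\\Snort\\lib\\snort_dynamicpreprocessor/
dynamicengine C:\\Snort\\lib\\snort_dynamicengine\\sf_engine.dll
"""

if __name__ == "__main__":
    for no, problem in check_snort_conf(SAMPLE_CONF):
        print(f"line {no}: {problem}")
```

Run it against your real snort.conf before starting Snort; fix_trailing_slash only rewrites the dynamicpreprocessor line, so the RULE_PATH entries still have to be made absolute by hand.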
That covers basic use of Snort. I wrote this up partly to prepare for a further introduction to Snort, and partly to record the two bugs above, which were confusing the first time I used it.