Reprinted from "Snort Command parameter Details"
Usage:
snort [-options] <filters>
Options:
  -A <alert>    Set the alert mode; <alert> is full, fast, none or unsock (UNIX socket). See the Snort introduction for details. If no alert mode is given, alerts are written to /var/log/snort/alert.
  -b            Log packets in binary (tcpdump/pcap) format, which keeps up with high-throughput networks.
  -B <mask>     Obfuscate IP addresses in alerts and packet dumps using CIDR mask <mask>, to keep them private.
  -c <cf>       Use configuration file <cf>. This puts Snort into NIDS mode and reads the run configuration from <cf>.
  -d            Display the application-layer data of each packet.
  -D            Run Snort as a background (daemon) process.
  -e            Display data-link-layer (layer 2) header information.
  -E            Log alerts to the Windows event log (Win32 only).
  -f            Activate pcap line buffering.
  -F <bpf>      Read BPF filters from file <bpf>.
  -g <gname>    Run as group <gname> (or gid) after initialization.
  -G <0xid>     Set the base event ID (log identifier) used to tell apart events from multiple Snort instances.
  -h <hn>       Set the home network to <hn>, given in CIDR notation (used with -l, and to define $HOME_NET for rules).
  -i <if>       Listen on network interface <if>. On Windows, list the interfaces with -W and then give the interface by its index number, e.g. -i 2.
  -I            Append the interface name to alert output.
  -j <port>     In inline mode, only handle packets for port <port>.
  -k <mode>     Set the checksum verification mode: all, noip, notcp, noudp, noicmp or none.
  -K <mode>     Set the packet logging format: pcap, ascii or none. pcap is the default and is the same format as -b; ascii is the old directory-per-host format; none disables packet logging.
  -l <ld>       Log packets to directory <ld>. The default is /var/log/snort.
  -L <fn>       Set the binary (pcap) log file name to <fn>.
  -m <umask>    Set the permission mask (umask) for the files Snort creates.
  -M            When not running as a daemon, send messages to syslog.
  -n <count>    Process <count> packets and then exit.
  -N            Turn off packet logging (alerts still work).
  -o            Change the order in which rules are applied, from Alert->Pass->Log to Pass->Alert->Log, so that alert rules can be filtered without a large set of BPF command-line parameters.
  -O            Obfuscate IP addresses in ASCII packet dumps.
  -p            Turn off promiscuous mode.
  -P <snaplen>  Set the snaplen; the default is the MTU of the current NIC.
  -q            Quiet mode: do not show the banner and status report.
  -Q            Run inline: read packets from iptables through the IPQ interface.
  -r <tf>       Read and process packets from pcap file <tf>.
  -R <id>       Add suffix <id> to the Snort PID file name.
  -s            Send alerts to syslog; the default facility is LOG_AUTHPRIV and the default priority is LOG_ALERT. Both can be changed in snort.conf.
  -S <n=v>      Set the rules-file variable n to value v.
  -t <chroot>   Change Snort's root directory to <chroot> after initialization.
  -T            Test mode: load and check the configuration, report problems, and exit.
  -u <uname>    Run as user <uname> (or uid) after initialization.
  -U            Use UTC instead of local time in timestamps.
  -v            Verbose: read packets from the network and print them to the console.
  -V            Show the version number and exit.
  -w            On an 802.11 network, display management frames.
  -W            (Win32 only) List the available network interfaces. Either the index or the device name can be passed to -i.
  -X            Dump raw packet data starting at the data-link layer.
  -y            Include the year in timestamps.
  -Z <path>     Set the performance monitor (perfmonitor) output file path.
  -?            Show help.
Long parameter options
  --logid <0xid>                         Same as -G.
  --perfmon-file <file>                  Same as -Z.
  --pid-path <path>                      Specify the directory for the Snort PID file.
  --snaplen <snap>                       Same as -P.
  --help                                 Same as -?.
  --dynamic-engine-lib <file>            Load a dynamic detection engine from <file>.
  --dynamic-detection-lib <file>         Load a dynamic rules library from <file>.
  --dynamic-detection-lib-dir <path>     Load all dynamic rules libraries found in <path>.
  --dump-dynamic-rules <path>            Create stub rule files for all loaded rules libraries in <path>.
  --dynamic-preprocessor-lib <file>      Load a dynamic preprocessor library from <file>.
  --dynamic-preprocessor-lib-dir <path>  Load all dynamic preprocessor libraries found in <path>.
  --dump-dynamic-preproc-genmsg <path>   Generate gen-msg.map files for all loaded preprocessor libraries in <path>.
  --alert-before-pass                    Process alert, drop, sdrop and reject rules before pass rules. The default is pass before alert, drop and the rest.
  --treat-drop-as-alert                  Convert drop and reject rules into alert rules at startup; sdrop rules are not loaded.
  --process-all-events                   Process all triggered events in group order, per the rule-ordering configuration. The default stops after the first group.
  --create-pidfile                       Create a PID file even when not running in daemon mode.
  --enable-inline-test                   Run Snort in "inline test mode". This option cannot be used with -Q (inline mode).
[*] [FILTERS]: Filter options
The filter option uses standard BPF syntax, so the filter expression is written exactly as for tcpdump (BPF: http://ZH.WIKIPEDIA.ORG/WIKI/BPF). Everything after the options is passed to pcap as the filter, e.g. "not port 22" or "tcp and dst port 80".
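The options and filters above assembled into the three Snort 2.x operating modes (sniffer, packet logger, NIDS), plus a configuration self-test that should run before a daemon is (re)started. This is an added example, not code from the original page or from the Snort project; the interface name eth0, the paths /etc/snort/snort.conf and /var/log/snort, the "snort" user and group, and the home network used in the usage lines are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compose Snort 2.x command
# lines from the options documented above. Each function only prints the
# command so it can be inspected; snort_test_config actually runs snort -T
# when snort is installed. eth0, /etc/snort/snort.conf, /var/log/snort and
# the "snort" account are assumed names for illustration.

# Sniffer mode: -v prints headers, -d adds application-layer payload,
# -e adds the link-layer header. Remaining arguments are a BPF filter,
# written exactly as for tcpdump.
snort_sniff_cmd() {
    iface=$1; shift
    set -- snort -v -d -e -i "$iface" "$@"
    printf '%s\n' "$*"
}

# Packet-logger mode: -b writes binary (pcap) logs into the -l directory;
# -n stops after <count> packets so a test capture does not run forever.
snort_log_cmd() {
    iface=$1; logdir=$2; count=$3; shift 3
    set -- snort -b -i "$iface" -l "$logdir" -n "$count" "$@"
    printf '%s\n' "$*"
}

# NIDS mode: -c loads the rule set; -A fast writes one-line alerts;
# -K pcap keeps full packets of alerting traffic for later analysis;
# -u/-g drop root once the interface is open; -D daemonises;
# -y/-U give unambiguous (year, UTC) timestamps for cross-host correlation;
# -s copies alerts to syslog for a central collector.
snort_nids_cmd() {
    iface=$1; cfg=$2; logdir=$3; homenet=$4; shift 4
    set -- snort -c "$cfg" -i "$iface" -l "$logdir" -h "$homenet" \
        -A fast -K pcap -u snort -g snort -D -y -U -s "$@"
    printf '%s\n' "$*"
}

# Configuration self-test: -T loads and checks the config and exits, so a
# broken rules file is caught here instead of killing the daemon later.
# Returns snort's exit status; when snort is not installed it reports that
# and returns 0, so the script can be run on any host.
snort_test_config() {
    cfg=$1
    if ! command -v snort >/dev/null 2>&1; then
        echo "snort not installed; skipping -T check of $cfg" >&2
        return 0
    fi
    snort -T -q -c "$cfg"
}

# Usage (assumed names): print the three command lines, then self-test.
snort_sniff_cmd eth0 not port 22
snort_log_cmd eth0 /var/log/snort 100 tcp and dst port 80
snort_nids_cmd eth0 /etc/snort/snort.conf /var/log/snort 192.168.1.0/24
snort_test_config /etc/snort/snort.conf
```

Run the NIDS line only after snort_test_config returns 0; a non-zero status means Snort refused the configuration and the daemon would not have started cleanly either. Note that the BPF filter is the last thing on the line: anything after the options is handed to pcap, so a mistyped option such as "-A fast" placed after the filter becomes part of the filter expression and fails to parse.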