Conraid's Repository

for Slackware

 NameLast modifiedSize

 Parent Directory  -
 README2023-02-03 13:48 2.9K
 snort3_extra- 13:49 4.8K
 snort3_extra- 13:49 714
 snort3_extra- 13:49 454
 snort3_extra- 13:48 137K
 snort3_extra- 13:49 508
 snort3_extra- 13:49 71

Slackware Current Repository by Conraid


snort_extra (Snort++ Extras)

Snort++ is all about plugins.  It has over 200 by default and makes it
easy to add more in C++ or LuaJIT.  This file will walk you through
building and running a set of extra example plugins.
If you haven't installed and verified Snort++, you will need to
do that first.




Please read the snort_manual.pdf file that should be included with this 
distribution for full documentation on the program as well as a guide to 
getting started.

This package builds a very basic snort implementation useful for monitoring
traffic as an IDS or packet logger and as a sort of improved tcpdump.
MySQL support is included, so you should have little trouble hooking snort up
to a database or ACID. For more information on these, check out snort's
homepage at:

Starting snort

An rc.snort file has been included for your convenience, but it needs to be
added to your init script of choice to run on boot. You should modify the
variables in /etc/rc.d/rc.snort to reflect the interface you want to monitor,
or start it as:

  IFACE=xxxx /etc/rc.d/rc.snort start|stop|restart

As an example, you can put this in your /etc/rc.d/rc.local script:

  if [ -x /etc/rc.d/rc.snort ]; then
    IFACE=eth1 /etc/rc.d/rc.snort start

And this in your /etc/rc.d/rc.local_shutdown:

  if [ -x /etc/rc.d/rc.snort ]; then
    /etc/rc.d/rc.snort stop

Installing / Updating Rules etc.

In order for Snort to function properly, you need to provide rule files.
You can either get a paid subscription (newest rules) at:

or register for free (only rules >30 days old) at:

Then download your rules from:

The downloaded file contains the rules, signatures and updated configuration
files. Be careful when updating these, as you will probably have customized
a few settings in your snort.conf
At the end of this file is a sample script that you can use as a base to
automate unpacking of the tarball. It updates the rules, signatures and some
configurations, but copies the new snort.conf as, so that you
can examine it later.
This script is included only as an example and without any guarantee.
** Use at your own risk! **

Basically, you need to
1) put the new rules/*		into /etc/snort/rules/
2) put the new preproc_rules/*	into /etc/snort/preproc_rules/
3) put the new etc/*		into /etc/snort/ (except for snort.conf)

After updating your files, restart snort with:

  # /etc/rc.d/rc.snort restart

REQUIRES: snort3