snort3安装
准备环境
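# Build dependencies for LibDAQ and Snort 3 on Debian/Ubuntu; run as root.
# apt-get replaces apt because apt's command-line interface is not guaranteed
# to stay stable for scripted or copy-pasted use.
# libgoogle-perftools-dev is added because the Snort 3 configure step on this
# page passes --enable-tcmalloc, and the original list carried only jemalloc.
apt-get update &&
apt-get install -y \
  build-essential autotools-dev libdumbnet-dev libluajit-5.1-dev \
  libpcap-dev zlib1g-dev pkg-config libhwloc-dev cmake liblzma-dev \
  openssl libssl-dev cpputest libsqlite3-dev libtool uuid-dev git \
  autoconf bison flex libcmocka-dev libnetfilter-queue-dev \
  libunwind-dev libmnl-dev ethtool libjemalloc-dev libpcre3-dev \
  libgoogle-perftools-dev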
编译安装
安装libdaq
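# Build and install LibDAQ, the packet-acquisition library Snort 3 links to.
#
# Supply-chain note: the clone takes whatever the default branch holds at that
# moment. For a sensor you intend to keep, check out a release tag right after
# cloning and record the commit id, for example
#   git -C libdaq checkout <RELEASE_TAG>    # placeholder, pick a real tag
#
# The steps are chained with && so a failed clone or configure does not let
# the later commands run in the wrong directory. The build runs in a subshell,
# so the caller's working directory is unchanged afterwards and the Snort 3
# clone does not end up inside libdaq/.
# Only "make install" and "ldconfig" need root.
git clone https://github.com/snort3/libdaq.git &&
(
  cd libdaq &&
  ./bootstrap &&
  ./configure &&
  make -j 4 &&
  make install
) &&
# Refresh the dynamic linker cache so the newly installed library is found.
ldconfig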
安装snort3
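# Build and install Snort 3 under /usr/local/snort3.
#
# Supply-chain note: this builds the default branch as it is at clone time, so
# two installs made on different days can differ. For a production sensor,
# check out a release tag after cloning and record the commit id, for example
#   git -C snort3 checkout <RELEASE_TAG>    # placeholder, pick a real tag
# An unpinned build can also need dependencies other than the ones listed in
# the preparation step.
#
# --enable-tcmalloc needs the gperftools tcmalloc library and headers to be
# present at configure time (libgoogle-perftools-dev on Debian/Ubuntu).
#
# The steps are chained with && so a failed clone or configure stops the
# sequence. The subshell keeps the caller's working directory unchanged.
# Only "make install" needs root.
git clone https://github.com/snort3/snort3.git &&
(
  cd snort3 &&
  ./configure_cmake.sh --prefix=/usr/local/snort3 --enable-tcmalloc &&
  cd build &&
  make -j 4 &&
  make install
)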
CentOS 上的安装可参考:Snort_3_GA_on_OracleLinux_8.pdf
配置
设置alert_json启用日志文件
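# Enable JSON alert logging to a file.
#
# The original command redirected with ">", which truncates snort.lua and
# leaves a file holding nothing but the alert_json table. A sensor started
# from that file has no rules or inspectors configured in it. This version
# appends instead, after keeping a one-time copy of the untouched config.
#
# The heredoc delimiter is quoted so the shell never expands anything inside
# the Lua text.
#
# After editing, validate the configuration before relying on the sensor:
#   /usr/local/snort3/bin/snort -c /usr/local/snort3/etc/snort/snort.lua -T
# Alert logs can contain addresses and payload-derived data, so keep the log
# directory readable only by the account that runs Snort and by whatever
# ships the logs.
snort_conf=/usr/local/snort3/etc/snort/snort.lua
if [ -f "$snort_conf" ] && [ ! -e "$snort_conf.orig" ]; then
  cp -p -- "$snort_conf" "$snort_conf.orig"
fi
cat << 'EOF' >> "$snort_conf"

alert_json =
{
file = true,
limit = 200
}
EOF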