Prepare For Snort Installation

Running Snort

Platform
Intel® PAC
Napatech SmartNIC
Content Type
Application Note
Capture Software Version
Link™ Capture Software 12.4

About this task

Guides for setting up Snort on various OS distributions are available from https://www.snort.org/documents.

Pre-built packages for Fedora, CentOS and FreeBSD are also available from https://www.snort.org/.

The following guide describes how to install Snort from source. Snort will be installed with the prefix /usr/local/snort and configured to use registered rules.

Before you begin

This installation process example assumes that:
  • The host OS is CentOS 6.8. You may need to adapt the installation process for other OS distributions.
  • The Napatech Software Suite and libpcap with Napatech extensions are installed as described in DN-0379 and DN-0428. For this example, the Napatech Software Suite and Napatech libpcap were installed in the default installation directory, /opt/napatech3/.
  • You have installed the software packages required for building and running libdnet, daq, and Snort, such as pcre and zlib libraries and headers.
  • The snort.conf from the Snort rules package may assume that additional software packages are installed, such as lzma libraries and headers.

Steps

To prepare for Snort installation, perform the following steps.

Procedure

  1. Download this software package from https://github.com/dugsong/libdnet/releases/tag/libdnet-1.12:
    • libdnet-1.12.tar.gz
  2. Download snort software packages from https://www.snort.org
    1. To download registered snort rules, you must register and log in to https://www.snort.org.
    2. Download these software packages from https://www.snort.org/downloads/:
      • daq-2.0.6.tar.gz
      • snort-2.9.9.0.tar.gz
      • snortrules-snapshot-2990.tar.gz

      The version number of the Snort rules package must correspond to the version number of the Snort package.

      Only very recent releases of Snort and daq are available from https://www.snort.org/downloads/. You can get earlier releases from http://sourceforge.net/projects/snort/.