weslambert edited this page May 7, 2018 · 14 revisions
Clone this wiki locally


Snort is a Network Intrusion Detection System (NIDS). It sniffs network traffic and generates IDS alerts.


In Security Onion, we compile Snort with PF_RING to allow you to spin up multiple instances to handle more traffic.


You can configure Snort via snort.conf:
(where HOSTNAME is your actual hostname and INTERFACE is your actual sniffing interface)

If you would like to configure/manage IDS rules, please see:


If you need to troubleshoot Snort, check the Snort log file:
(where HOSTNAME is your actual hostname, INTERFACE is your actual sniffing interface, and X represents the number of PF_RING instances)

More Information

For more information about Snort, please see: