Snort is a Network Intrusion Detection System (NIDS). It sniffs network traffic and generates IDS alerts.
In Security Onion, we compile Snort with PF_RING to allow you to spin up multiple instances to handle more traffic.
You can configure Snort via snort.conf:
(where HOSTNAME is your actual hostname and INTERFACE is your actual sniffing interface)
If you would like to configure/manage IDS rules, please see:
If you need to troubleshoot Snort, check the Snort log file:
(where HOSTNAME is your actual hostname, INTERFACE is your actual sniffing interface, and X represents the number of PF_RING instances)
For more information about Snort, please see: