Home - Snort.Org

Step 1

Find the appropriate package for your operating system and install.

wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
wget https://www.snort.org/downloads/snort/snort-2.9.8.0.tar.gz

tar xvfz daq-2.0.6.tar.gz
cd daq-2.0.6
./configure && make && sudo make install

tar xvfz snort-2.9.8.0.tar.gz
cd snort-2.9.8.0
./configure --enable-sourcefire && make && sudo make install

Downloads

snort-2.9.8.0.tar.gz

daq-2.0.6.tar.gz

yum install https://www.snort.org/downloads/snort/daq-2.0.6-1.f21.x86_64.rpm
yum install https://www.snort.org/downloads/snort/snort-2.9.8.0-1.f21.x86_64.rpm

Downloads

daq-2.0.6-1.f21.x86_64.rpm

snort-2.9.8.0-1.f21.x86_64.rpm

yum install https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm
yum install https://www.snort.org/downloads/snort/snort-2.9.8.0-1.centos7.x86_64.rpm

Downloads

daq-2.0.6-1.centos7.x86_64.rpm

snort-2.9.8.0-1.centos7.x86_64.rpm

pkg install snort

execute: Snort_2_9_8_0_Installer.exe

Downloads

Snort_2_9_8_0_Installer.exe

Step 2

Sign up and get your Oinkcode. We recommend that everyone subscribe to get the latest detections. For those unable to subscribe, creating an account on Snort.org will still give you access to the registered user rule packages.

Step 3

Stay current with the latest updates using PulledPork

wget https://www.snort.org/rules/community

tar -xvfz community.tar.gz -C /etc/snort/rules

Downloads

community-rules.tar.gz

opensource.tar.gz

Download the rule package that corresponds to your snort version.

wget https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=<oinkcode>
wget https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz?oinkcode=<oinkcode>

tar -xvfz snortrules-snapshot-<version>.tar.gz -C /etc/snort/rules

Downloads

snortrules-snapshot-2976.tar.gz

snortrules-snapshot-2980.tar.gz

opensource.gz

Download the rule package that corresponds to your snort version.

wget https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz?oinkcode=<oinkcode>
wget https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=<oinkcode>

tar -xvfz snortrules-snapshot-<version>.tar.gz -C /etc/snort/rules

Downloads

snortrules-snapshot-2980.tar.gz

snortrules-snapshot-2976.tar.gz

opensource.gz

Step 4

Read Docs

For more details please reference our install guides on the documents page.

Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on the name below.

Webcast Slides

OpenAppId Detection Webinar

Costas Kleopa

Official Documentation

Snort FAQ

Snort Team / Open Source Community

Snort Users Manual (HTML)

Snort Team

Snort Users Manual

Snort Team

Registered vs. Subscriber

Joel Esler

Additional Resources

How to find and use your Oinkcode

Joel Esler

Snort.conf examples

Joel Esler

Rule Docs

1-38271

SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt

1-38270

SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt

1-38269

SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_system command injection attempt

Snort 2.9.8.0 is now available

Find the appropriate package for your operating system and install.

Sign up and get your Oinkcode. We recommend that everyone subscribe to get the latest detections. For those unable to subscribe, creating an account on Snort.org will still give you access to the registered user rule packages.

Stay current with the latest updates using PulledPork

Download the rule package that corresponds to your snort version.

Download the rule package that corresponds to your snort version.

For more details please reference our install guides on the documents page.

Please use this search to look for any rule by entering either a SID, a CVE, or simply entering any generic search text.