Get Started
Rules
Documents
Snort 3.0 Beta Available...
 
Get Started
Rules
Documents
Snort 3.0 Beta Available...

Step 1

Find the appropriate package for your operating system and install.

wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
                      
wget https://www.snort.org/downloads/snort/snort-2.9.14.1.tar.gz
tar xvzf daq-2.0.6.tar.gz
                      
cd daq-2.0.6
./configure && make && sudo make install
tar xvzf snort-2.9.14.1.tar.gz
                      
cd snort-2.9.14.1
./configure --enable-sourcefire && make && sudo make install
Downloads
yum install https://www.snort.org/downloads/snort/
                      
yum install https://www.snort.org/downloads/snort/snort-2.9.14.1-1.f29.x86_64.rpm
Downloads

snort-2.9.14.1-1.f29.x86_64.rpm
yum install https://www.snort.org/downloads/snort/
                      
yum install https://www.snort.org/downloads/snort/snort-2.9.14.1-1.centos7.x86_64.rpm
Downloads

snort-2.9.14.1-1.centos7.x86_64.rpm
pkg install snort
execute: Snort_2_9_14_1_Installer.exe
Downloads
Snort_2_9_14_1_Installer.exe
Step 2
Sign up/Subscribe

Sign up and get your Oinkcode. We recommend that everyone subscribe to get the latest detections. For those unable to subscribe, creating an account on Snort.org will still give you access to the registered user rule packages.

Step 3

Stay current with the latest updates using PulledPork

wget https://www.snort.org/downloads/community/community-rules.tar.gz -O community-rules.tar.gz
tar -xvzf community.tar.gz -C /etc/snort/rules
Downloads
opensource.gz
snort3-community-rules.tar.gz
community-rules.tar.gz
Download the rule package that corresponds to your Snort version, for more information on how to retreive your oinkcode.
wget https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-2983.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-2990.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-3000.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-3000.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29111.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29120.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29130.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29130.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29141.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29141.tar.gz
tar -xvzf snortrules-snapshot-<version>.tar.gz -C /etc/snort/rules
Downloads
opensource.gz
snortrules-snapshot-2983.tar.gz
snortrules-snapshot-2990.tar.gz
snortrules-snapshot-3000.tar.gz
snortrules-snapshot-29111.tar.gz
snortrules-snapshot-29120.tar.gz
snortrules-snapshot-29130.tar.gz
snortrules-snapshot-29141.tar.gz
Download the rule package that corresponds to your Snort version, for more information on how to retreive your oinkcode.
wget https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-2983.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-2990.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-3000.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-3000.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29111.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29120.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29130.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29130.tar.gz
wget https://www.snort.org/rules/snortrules-snapshot-29141.tar.gz?oinkcode=<oinkcode> -O snortrules-snapshot-29141.tar.gz
tar -xvzf snortrules-snapshot-<version>.tar.gz -C /etc/snort/rules
Downloads
opensource.gz
snortrules-snapshot-2983.tar.gz
snortrules-snapshot-2990.tar.gz
snortrules-snapshot-3000.tar.gz
snortrules-snapshot-29111.tar.gz
snortrules-snapshot-29120.tar.gz
snortrules-snapshot-29130.tar.gz
snortrules-snapshot-29141.tar.gz
Step 4
Read Docs

For more details please reference our install guides on the documents page.

What is Snort?
It is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.
What is Snort?
It is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on the name below.
Official Documentation

Snort Users Manual

Snort Team

Registered vs. Subscriber

Joel Esler

Snort FAQ

Snort Team / Open Source Community
Additional Resources

Snort.conf examples

Joel Esler

How to find and use your Oinkcode

Joel Esler

What do the base policies mean?

Joel Esler
Webcast Slides

OpenAppId Detection Webinar

Costas Kleopa
Submit a False Positive
Please sign in and click the false positives tab in your account dashboard
Rule Docs
1-51064
This event is generated when a Memcached SASL auth opcode request heap buffer overflow is detected
1-51063
This event is generated when a Memcached SASL auth opcode request heap buffer overflow is detected
1-51062
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.
more documents...
With over 5 million downloads and over 600,000 registered users, it is the most widely deployed intrusion prevention system in the world.
With over 5 million downloads and over 600,000 registered users, it is the most widely deployed intrusion prevention system in the world.