Get Started
Rules
Documents
Snort 3.0 Alpha Available...
 
Get Started
Rules
Documents
Snort 3.0 Alpha Available...
Snort 2.9.7.0 has been posted!
Snort 2.9.7.0 has been posted!
For more details please read our blog post.

Get Started
Step 1

Find the appropriate package for your operating system and install.

wget https://www.snort.org/downloads/snort/daq-2.0.4.tar.gz
wget https://www.snort.org/downloads/snort/snort-2.9.7.0.tar.gz
tar xvfz daq-2.0.4.tar.gz
cd daq-2.0.4
./configure; make; sudo make install
tar xvfz snort-2.9.7.0.tar.gz
cd snort-2.9.7.0
./configure --enable-sourcefire; make; sudo make install
Downloads
snort-2.9.7.0.tar.gz
daq-2.0.4.tar.gz
yum install https://www.snort.org/downloads/snort/daq-2.0.4.F20.x86_64.rpm
yum install https://www.snort.org/downloads/snort/snort-2.9.7.0-1.f20.x86_64.rpm
Downloads
daq-2.0.4.F20.x86_64.rpm
snort-2.9.7.0-1.f20.x86_64.rpm
yum install https://www.snort.org/downloads/snort/daq-2.0.4.centos7.x86_64.rpm
yum install https://www.snort.org/downloads/snort/snort-2.9.7.0-1.centos7.x86_64.rpm
Downloads
daq-2.0.4.centos7.x86_64.rpm
snort-2.9.7.0-1.centos7.x86_64.rpm
pkg install snort
execute: Snort_2_9_7_0_Installer.exe
Downloads
Snort_2_9_7_0_Installer.exe
Step 2
Sign up/Subscribe

Sign up and get your Oinkcode. We recommend that everyone subscribe to get the latest detections. For those unable to subscribe, creating an account on Snort.org will still give you access to the registered user rule packages.

Step 3

Stay current with the latest updates using PulledPork

wget https://www.snort.org/rules/community
tar -xvfz community.tar.gz -C /etc/snort/rules
Downloads
opensource.tar.gz
community-rules.tar.gz
Download the rule package that corresponds to your snort version.
wget https://www.snort.org/rules/snortrules-snapshot-2970.tar.gz?oinkcode=<oinkcode>
wget https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz?oinkcode=<oinkcode>
tar -xvfz snortrules-snapshot-<version>.tar.gz -C /etc/snort/rules
Downloads
opensource.gz
snortrules-snapshot-2970.tar.gz
snortrules-snapshot-2962.tar.gz
Download the rule package that corresponds to your snort version.
wget https://www.snort.org/rules/snortrules-snapshot-2970.tar.gz?oinkcode=<oinkcode>
wget https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz?oinkcode=<oinkcode>
tar -xvfz snortrules-snapshot-<version>.tar.gz -C /etc/snort/rules
Downloads
opensource.gz
snortrules-snapshot-2970.tar.gz
snortrules-snapshot-2962.tar.gz
Step 4
Read Docs

For more details please reference our install guides on the documents page.

What is Snort?
It is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.
What is Snort?
It is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

Documents
The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on the name below.
Webcast Slides

OpenAppId Detection Webinar

Costas Kleopa
Official Documentation

Snort FAQ

Snort Team / Open Source Community

Snort Users Manual (HTML)

Snort Team

Snort Users Manual

Snort Team

Registered vs. Subscriber

Joel Esler
Additional Resources

How to find and use your Oinkcode

Joel Esler

Snort.conf examples

Joel Esler
more documents...
With over 4 million downloads and nearly 500,000 registered users, it is the most widely deployed intrusion prevention system in the world.
With over 4 million downloads and nearly 500,000 registered users, it is the most widely deployed intrusion prevention system in the world.

Blogs