Snort Official Documentation

The official documentation produced by the Snort team at Sourcefire

Title Author
Snort Users ManualPDF Small Snort Team
Snort FAQ Snort Team/Open Source Community
The Snort Manual (HTML) Snort Team


Snort Setup Guides

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author. Authors who want comments and feedback may be emailed by clicking on their names below.

If you have a document you’d like to contribute to the Snort community contact us at snort-team@sourcefire.com.

Title Author
Snort 2.9.6.0 on CentOS 6.xPDF Small William Parker
Snort 2.9.6.0 on NetBSD 6.0PDF Small William Parker
Snort 2.9.6.0 on NetBSD 5.1.xPDF Small William Parker
Snort 2.9.6.0 on Fedora 17/18PDF Small William Parker
Snort 2.9.6.0 on OpenSuSE 11.4PDF Small William Parker
Snort 2.9.6.0 on OpenSuSE 12xPDF Small William Parker
Snort 2.9.6.0 on OpenSuSE 13xPDF Small William Parker
Snort 2.9.6.0 on FreeBSD 8.2PDF Small William Parker
Snort 2.9.6.0 on FreeBSD 9.0PDF Small William Parker
Snort 2.9.6.0 on OpenBSD 5.xPDF Small William Parker
Snort Install Guides for Windows Michael Steele
Snort 2.9.3.0 on Ubuntu 12.04 LTSPDF Small David Gullett, Symmetrix Technologies
Snort 2.9.1.2 on Mac OSXPDF Small Christoph Murauer
Snort 2.9.0.x with PF_RING Inline deploymentPDF Small Metaflows Google Group


Snort Startup Scripts

These scripts are intended to get you started with the startup, reload, and shutdown of Snort on the OSes listed below.

Title Author
Snort Startup Script for CentOS William Parker
Snort Startup Script for Fedora William Parker
Snort Startup Script for Freebsd 8.x William Parker
Snort Startup Script for Freebsd 9.x William Parker
Snort Startup Script for NetBSD 5.x William Parker
Snort Startup Script for NetBSD 6.x William Parker
Snort Startup Script for OpenBSD 5.x William Parker
Snort Startup Script for OpenSuSE 11.4 William Parker
Snort Startup Script for OpenSuSE 12.x William Parker


Snort Deployment Guides

The following deployment guides have been contributed by members of the Snort Community for your use. If you have a document you’d like to contribute to the Snort community contact us at snort-team@sourcefire.com.

Title Author
Changing from IDS to IPS with NFQueue James Lay
Integrating Snort and AlienVault OSSIMPDF Small William Parker
RSyslog rate limiting configuration that some Snort users may run intoPDF Small William Parker
Comparison of Popular Snort GUIsPDF Small James Lay
How to make some Home Routers mirror traffic to SnortPDF Small William Parker


Snort Related Whitepapers

The following Whitepapers have been written by Sourcefire employees and may help with your Snort deployment. For further information on these papers, please email snort-team@sourcefire.com

Title Author
VRT Methodology WhitepaperPDF Small Sourcefire Vulnerability Research Team (VRT)
Improving your Custom Snort RulesPDF Small Leon Ward
Inline Normalization using Snort 2.9.0PDF Small Russ Combs
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and RulesPDF Small Steven Sturges
HTTP Evasions RevisitedPDF Small Daniel Roelker
Target Based Fragmentation ReassemblyPDF Small Judy Novak
Target Based Stream ReassemblyPDF Small Judy Novak
Site Search

Documentation Links

Snort Links