Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Official Documentation
Snort FAQ
Snort Team / Open Source Community
Snort Users Manual
Snort Team
Snort Users Manual (HTML)
Snort Team
Snort Setup Guides
Snort 2.9.7.x on OpenSuSE 13x
William Parker
Snort 2.9.7.x on OpenSuSE 12
William Parker
Snort 2.9.0.x with PF_RING inline deployment
Metaflows Google Group
Snort 2.9.7.x on NetBSD 5.1.x
William Parker
Snort 2.9.7.x on CentOS 6.x and 7.x
William Parker
Snort 2.9.7.x on FreeBSD 9.0
William Parker
Snort 2.9.7.x on OpenSuSE 12x
William Parker
Snort 2.9.6.x on Debian 7.6
Jason Weir
Snort 2.9.7.x on Ubuntu 12 LTS and 14 LTS
Noah Dietrich
Snort 2.9.7.x on FreeBSD 8.2
William Parker
Snort 2.9.7.x on Fedora 17/18/19
William Parker
Snort 29.7.x Setup Guides for Windows
WinSnort.com
Snort 2.9.7.x on OpenBSD 5.x
William Parker
Snort StartUp Scripts
Snort Startup Script for NetBSD 5.x
William Parker
Snort Startup Script for OpenSuSE 12.x
William Parker
Snort Startup Script for OpenBSD 5.x
William Parker
Snort Startup Script for OpenSuSE 11.4
William Parker
Snort Startup Script for Fedora
William Parker
Snort Startup Script for NetBSD 6.x
William Parker
Snort Startup Script for Freebsd 8.x
William Parker
Snort Startup Script for CentOS
William Parker
Snort Deployment Guides
Changing from IDS to IPS with NFQueue
James Lay
Snort IPS using DAQ AFPacket
Yaser Mansour
Integrating Snort and AlienVault OSSIM
William Parker
RSyslog rate limiting configuration
William Parker
How to make some Home Routers mirror traffic to Snort
William Parker
Snort Related Whitepapers
VRT Methodology Whitepaper
Vulnerability Research Team (VRT)
HTTP Evasions Revisited
Daniel Roelker
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules
Steve Sturges
Inline Normalization using Snort 2.9.0
Russ Combs
Target Based Stream Reassembly
Judy Novak
Target Based Fragmentation Reassembly
Judy Novak
Additional Resources
dpx-1.7.tar.gz
Possible Packet Loss During Reassembly for Snort IDS/IPS Sensors
William Parker
Snort.conf examples
Joel Esler
DPX Readme
Snort site
Webcast Slides
Open Source Community Webinar
Joel Esler
Effective Problem Reporting: How to Get Your Problems Noticed and Fixed
Introduction to Snort: Part 1
Nick Moore
OpenAppId Community Webinar
Costas Kleopa
Using the Host Attribute Table in Snort
Intro to Snort
Ed Mendez
Writing Effective Rules, Part II
Matt Olney
Pimp My Snort
Leon Ward
Performance Tuning: Rules & Preprocessors
Writing Effective Rules, Part I
Matt Olney
OpenAppId Detection Webinar
Costas Kleopa
Using Multiconfig
John Gay
Snort Tuning 101
Nick Moore
Latest rule documents - Search
23461
This event is generated when an attempt is made to exploit a known vulnerability in quicktime.
140-9
This event is generated when the SIP preprocessor detects anomalous network traffic.
140-8
This event is generated when the SIP preprocessor detects anomalous network traffic.
140-7
This event is generated when the SIP preprocessor detects anomalous network traffic.
140-6
This event is generated when the SIP preprocessor detects anomalous network traffic.
140-5
This event is generated when the SIP preprocessor detects anomalous network traffic.