Installing Snort on Ubuntu

Source: Internet  Published: java未来  Editor: 程序博客网  Time: 2024/05/18 02:18

1. Click the link and install the following software

(click to open link)



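2. Extract the DAQ source package. Installing DAQ directly at this point fails because various dependency packages are missing, so install the dependencies first: bison, flex, libpcap (see my previous blog post for the installation process)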


3. Build and install DAQ: enter the extracted folder and run ./configure


If the following error appears, click (click to open link) to get pcre-8.40.tar.gz, then extract, build and install it:

    # ./configure
    # make
    # make check
    # make install


Original error text:

    checking pcre.h usability… no
    checking pcre.h presence… no
    checking for pcre.h… no
    ERROR!  Libpcre header not found.
    Get it from http://www.pcre.org


4. Go back to the DAQ directory and run ./configure again. If output like the following appears, the configuration succeeded:

    Build AFPacket DAQ module.. : yes
    Build Dump DAQ module...... : yes
    Build IPFW DAQ module...... : yes
    Build IPQ DAQ module....... : no
    Build NFQ DAQ module....... : no
    Build PCAP DAQ module...... : yes
    Build netmap DAQ module...... : no

5. Build: sudo autoreconf -ivf  (if autoreconf is not available, install it with sudo apt-get install autoconf automake libtool)

  Install: sudo make
           sudo make install


6. Enter the snort directory and first install the following packages: libdumbnet-dev, zlib1g-dev

sudo apt-get install libdumbnet-dev zlib1g-dev


7. Build and install Snort

./configure --enable-sourcefire

sudo autoreconf -ivf

sudo make

sudo make install


Snort is installed to the following locations:

snort: /usr/local/bin/snort /usr/local/lib/snort


8. Start Snort

Running sudo snort reports an error:

/usr/local/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory

  Add a symbolic link:

sudo find / -type f -name '*libpcre.so.*'

sudo ln -s    /lib/libpcre.so.0.0.1     /lib/libpcre.so.1
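
One way to diagnose the `libpcre.so.1` loader error from step 8 before creating a symlink, as an added example that is not part of the original post: it lists the sonames that `ldd` reports as not found and checks whether they already exist on disk. The function names and the sample `ldd` output are constructed for illustration, and the `/usr/local/lib` location assumes PCRE was built from source with the default prefix.

```shell
#!/bin/sh
# Added example (not from the original post): find out which shared
# libraries the loader cannot resolve for a binary, and where they live.

# Read `ldd` output on stdin; print the soname of every "not found" entry.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# find_soname SONAME DIR...: print the first DIR that contains SONAME.
find_soname() {
    soname=$1
    shift
    for dir in "$@"; do
        if [ -e "$dir/$soname" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Constructed sample of `ldd /usr/local/bin/snort` output, used when no
# binary path is given; it is not captured from a real host.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd1a5f2000)
    libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f2a1c000000)
    libpcre.so.1 => not found
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f2a1bc00000)'

# report [BINARY]: explain each unresolved library for BINARY (or the sample).
report() {
    if [ -n "${1:-}" ]; then
        out=$(ldd "$1")
    else
        out=$SAMPLE_LDD
    fi
    printf '%s\n' "$out" | missing_libs | while read -r lib; do
        # Assumption: a source build with the default prefix installs to /usr/local/lib.
        if dir=$(find_soname "$lib" /usr/local/lib); then
            echo "$lib: present in $dir; refresh the loader cache with: sudo ldconfig"
        else
            echo "$lib: not installed; install the package or build that provides it"
        fi
    done
}

report "$@"
```

Run it as `sh check_libs.sh /usr/local/bin/snort` (the script name is arbitrary) to inspect the installed binary instead of the sample.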


9. Snort starts successfully

    Running in packet dump mode

            --== Initializing Snort ==--
    Initializing Output Plugins!
    pcap DAQ configured to passive.
    Acquiring network traffic from "eno16777736".
    Decoding Ethernet

            --== Initialization Complete ==--

       ,,_     -*> Snort! <*-
      o"  )~   Version 2.9.8.0 GRE (Build 229)
       ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
               Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
               Copyright (C) 1998-2013 Sourcefire, Inc., et al.
               Using libpcap version 1.7.4
               Using PCRE version: 8.35 2014-04-04
               Using ZLIB version: 1.2.8

    Commencing packet processing (pid=47760)




