Snort : Firing up OpenAppID
Preface

The purpose of this post is to provide guidance to Snort users who would like to try out Snort 2.9.7.0 and the OpenAppID features that it comes with. It is not intended to guide the reader through setting up Snort from scratch; there are plenty of docs on how to set up Snort at http://www.snort.org/docs.

Snort

Before we can download the latest Snort source code and compile it, there is a new prerequisite to fulfill: you'll need to install LuaJIT, which is used to define application detectors with the new OpenAppID.

Step #1, Prep the system.

You'll need to download the following files from the snort.org download page:

* daq-xxx.tar.gz
* snort-2.9.7.0_xxx.tar.gz
* snort-openappid-detectors.xxx.tgz
* snortrules-snapshot-xxx.tar.gz

Step #2, Install Snort requirements

On my Ubuntu system this was as easy as the following command.

# sudo apt-get install openssl libssl-dev build-essential g++ flex bison ...