下載規則庫
https://www.snort.org/downloads
要先註冊才能下載

將preproc_rules rules so_rules複製到到snort目錄下，如下：

修改設定檔案 C:\Snort\etc\snort.conf
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
改成安裝路徑

#path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

#path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

#path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules
改成

註解掉

查詢網路卡
Snort -w

snort –i1 -dev -l C:\Snort\log -c C:\Snort\etc\snort.conf

記錄檔

記錄檔傳到 log server
output alert_syslog: host=xx.xx.xx.xx:514, LOG_AUTH LOG_ALERT