네트워크 보안 - Snort 명령어 모음

 

 

rules 경로

 

ls -l /etc/snort/rules/

 

 

ICMP 감지 룰

 

# vi /etc/snort/rules/local.rules

alert icmp any any -> any any (msg:"ICMP Detected";sid:1000001;)

 

 

 

Snort 실행(Linux)

 

snort -c /etc/snort/rules/local.rules -i eth0

 

 

Snort 실행(Windows)

 

snort -c c:\Snort\rules\local.rules -l C:\Snort\log\

 

 

로그(alert) 확인

 

tail -f /var/log/snort/alert

 

 

 

참고: 

https://net123.tistory.com/580

Snort - 04. Snort 룰 구성 및 테스트