使用 PF_RING 來加速 Snort

安裝 Snort

參考 在Ubuntu14.04上安裝 Snort

安裝 PF_RING

git clone https://github.com/ntop/PF_RING.git
cd PF_RING/kernel
make
sudo insmod ./pf_ring.ko
cd ../userland
make
cd [PF_RING PATH]/userland/lib
sudo ./configure
sudo make
sudo make install

安裝 pfring-daq-module

cd [PF_RING PATH]/userland/snort/pfring-daq-module
autoreconf -ivf
sudo ./configure
sudo make
sudo make install

於 IDS mode 執行 Snort

sudo snort --daq-dir=/usr/local/lib/daq --daq pfring --daq-mode passive -i eth0 -v -e