CenOS 用PF_RING优化Snort

0.优化顺序

　　安装PF_RING的kernel模块
　　安装PF_RING的用户态库
　　安装Snort的DAQ
　　安装PF_RING的pfring-daq-module
　　安装snort
　　安装PF_RING-aware网卡驱动

1.PF_RING安装请参考kernel、用户态库、网卡驱动请参考 CentOS安装PF_RING

2.https://www.snort.org/下载并安装daq

tar xvfz daq-2.0.2.tar.gz
cd daq-2.0.2
./configure; make;make install

3.安装PF_RING的pfring-daq-module

cd PF_RING-6.0.1/userland/snort/pfring-daq-module
autoreconf -ivf
./configure;make;make install

4.https://www.snort.org/下载并安装snort

tar xvfz snort-2.9.6.2.tar.gz
cd snort-2.9.6.2
./configure --enable-sourcefire; make;make install

5.配置snort

6.运行snort

 snort --daq-dir=/usr/local/lib/daq --daq pfring --daq-mode passive -i eth0 -v -e