Snort FAQ/Wiki

This is the official Snort FAQ/Wiki repository. It was moved from the Snort.org site to GitHub to allow people to contribute to it through pull requests.

To check out all the files:

git clone git://github.com/vrtadmin/snort-faq.git

FAQ Pages

What is Snort?

What is Open Source?

What can I do with Snort?

Where can I download Snort?

What is the relationship between Snort and Cisco?

Does Cisco sell Snort?

What is a Snort Integrator?

What is the role of Talos?

I'm not receiving alerts in Snort

I'm receiving an error regarding IP Datagram length, what is the problem?

My Snort log is an empty file, what could be the cause?

Can I have help with my homework?

What is the list of Snort Supported OSes?

Lists

What is the mailing list etiquette?

How do I submit questions about Snort?

How do I ask a good question on the Snort list?

Snort.org

What is a registered user?

Why do I need to register?

What if I do not wish to register?

Will my information be shared with any other parties or used for marketing?

How can I provide feedback or suggestions for the site?

Rules

What is a Snort rule?

What is a signature?

What is a vulnerability?

What is an exploit?

What is a protocol?

What are Community Rules?

What is the Snort Subscriber Rule Set?

What is a user-defined rule?

Why are rules commented out by default?

How are rules distributed?

Resolving Flowbit Dependencies

What are the differences in the rule sets?

Snort Subscriber Rule Set Subscription

What does having a Snort Subscriber Rule Set subscription entitle me to?

Do I have to subscribe to receive the Snort Subscriber Rule Set?

How much does a subscription cost?

If I purchase a subscription, can I deploy the rules on more than one sensor?

Can I use tools such as PulledPork to manage the subscription?

Where do I go to subscribe to the Snort Subscriber Rule Set?

Licensing

What is the GNU GPL?

What is the Snort Subscriber Rule Set License Agreement?

What is the Snort Integrator License?

How is the Snort software licensed?

Why are the rules licensed separately from the software?

What license is used if I contribute code for the Snort Engine?

What license is used if I contribute a rule for Snort?

Docs

All the READMEs from the Snort tarball are uploaded here for simple indexing and reading.

README.GTP

README.PLUGINS

README.PerfProfiling

README.SMTP

README.UNSOCK

README.WIN32

README.active

README.alert_order

README.asn1

README.counts

README.csv

README.daq

README.dcerpc2

README.decode

README.decoder_preproc_rules

README.dnp3

README.dns

README.event_queue

README.file

README.file_ips

README.filters

README.flowbits

README.frag3

README.ftptelnet

README.gre

README.ha

README.http_inspect

README.imap

README.ipip

README.ipv6

README.modbus

README.multipleconfigs

README.normalize

README.pcap_readmode

README.pop

README.ppm

README.reload

README.reputation

README.rzb_saac

README.sensitive_data

README.sfportscan

README.sip

README.ssh

README.ssl

README.stream5

README.tag

README.thresholding

README.unified2

README.variables

README.session