Installing and configuring Snort3, and log analysis with SnortSnarf.
Register as a user at https://www.snort.org/users/sign_up.
・Get Oinkcode
After logging in at https://www.snort.org/users/sign_in, go to https://www.snort.org/.
In Step 2 on that page, click "Sign up/Subscribe"; after the screen transition,
click "Oinkcode" in the upper left. Make a note of the code for later use.
[root]# useradd --shell /sbin/nologin --no-create-home --user-group snort
[root]# mkdir /var/log/snort
[root]# chown snort:snort /var/log/snort
/var/log/snort/alert_fast.txt
/var/log/snort/file.log
[root]# vim /etc/logrotate.d/snort
/var/log/snort/alert_fast.txt /var/log/snort/*log {
weekly
rotate 4
create 0600 snort snort
dateext
missingok
compress
notifempty
sharedscripts
postrotate
/usr/bin/systemctl restart snortd 1>/dev/null || true
endscript
}
・Operation test
[root]# logrotate -f /etc/logrotate.d/snort
alert_fast.txt-20210328.gz
file.log-20210328.gz
[root]# cat /var/lib/logrotate/logrotate.status
"/var/log/snort/alert_fast.txt" 2021-3-28-14:26:28
"/var/log/snort/file.log" 2021-3-28-14:26:28
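Snort alert and file logs carry packet payloads and file metadata, so the logrotate stanza above is doing security work as well as housekeeping: `create 0600 snort snort` keeps each fresh log private, `compress` plus `rotate 4` bounds what stays on disk, and the `|| true` in `postrotate` stops a failed service restart from aborting the rotation. The following script is an added example, not part of the original page or of the Snort project. It embeds a constructed copy of the stanza shown above and audits it with plain POSIX sh and awk, so it can be run on any host before the config is dropped into /etc/logrotate.d/. The function names are my own; the expected file owner `snort:snort` and the service name `snortd` are taken from the page.

```shell
#!/bin/sh
# Added example (not from the original page): audit a Snort logrotate stanza
# for the settings that matter to log confidentiality and rotation safety.

# Constructed copy of the stanza shown on the page.
SNORT_LOGROTATE_CONF='/var/log/snort/alert_fast.txt /var/log/snort/*log {
weekly
rotate 4
create 0600 snort snort
dateext
missingok
compress
notifempty
sharedscripts
postrotate
/usr/bin/systemctl restart snortd 1>/dev/null || true
endscript
}'

# Print the octal mode from the "create" directive ("" if there is none).
logrotate_create_mode() {
    printf '%s\n' "$1" | awk '$1 == "create" { print $2; exit }'
}

# Print "owner:group" from the "create" directive ("" if there is none).
logrotate_create_owner() {
    printf '%s\n' "$1" | awk '$1 == "create" { print $3 ":" $4; exit }'
}

# Succeed only if the create mode grants nothing to group or other,
# i.e. the last two octal digits are "00" (0600, 0400, ...).
logrotate_create_is_private() {
    create_mode=$(logrotate_create_mode "$1")
    [ -n "$create_mode" ] || return 1
    [ "$(printf '%s' "$create_mode" | tail -c 2)" = "00" ]
}

# Succeed if a directive (first word of a line) is present in the stanza.
logrotate_has_directive() {
    printf '%s\n' "$1" | awk -v want="$2" '$1 == want { found = 1 } END { exit !found }'
}

# Run all checks, print one line per finding, and return the number of
# findings as the exit status (0 means the stanza passed).
logrotate_audit() {
    stanza=$1
    findings=0
    if ! logrotate_create_is_private "$stanza"; then
        echo "create: mode missing or readable by group/other"
        findings=$((findings + 1))
    fi
    if [ "$(logrotate_create_owner "$stanza")" != "snort:snort" ]; then
        echo "create: rotated logs must be owned by snort:snort"
        findings=$((findings + 1))
    fi
    for directive in compress rotate notifempty; do
        if ! logrotate_has_directive "$stanza" "$directive"; then
            echo "missing directive: $directive"
            findings=$((findings + 1))
        fi
    done
    # A postrotate hook must be closed, and its restart must not abort
    # rotation when the service is down (the page uses "|| true").
    if logrotate_has_directive "$stanza" postrotate; then
        if ! logrotate_has_directive "$stanza" endscript; then
            echo "postrotate without endscript"
            findings=$((findings + 1))
        fi
        if ! printf '%s\n' "$stanza" | grep -q 'systemctl restart snortd.*|| *true'; then
            echo "postrotate: service restart is not guarded with || true"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Usage: audit the embedded stanza (or pass a file: logrotate_audit "$(cat /etc/logrotate.d/snort)").
logrotate_audit "$SNORT_LOGROTATE_CONF" && echo "logrotate stanza OK"
```

Run it as `sh audit-snort-logrotate.sh`; a non-zero exit status is the number of findings, so it slots into a configuration check before the real `logrotate -f` test shown above.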