Snort has three primary functional modes. It can be used as a packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection and prevention system. Please read the snort_manual.pdf file that should be included with this distribution for full documentation on the program as well as a guide to getting started. This package builds a very basic snort implimentation useful for monitoring traffic as an IDS or packet logger and as a sort of improved tcpdump (which is what I use it for). MySQL support is included, so you should have little trouble hooking snort up to a database or ACID. For more information on these, check out snort's homepage at: http://www.snort.org/ http://www.snort.org/docs/ snort.org has a nasty habit of changing the location of their source code, which means there's no garauntee that the link in snort.info is correct. If you can't get that link to work, look for the source code at: http://www.snort.org/dl/old/ In order for Snort to function properly, you need to provide rule files. I recommend registering for free at http://www.snorg.org so you can get these files. Once you have done that, go to http://snort.org/pub-bin/downloads.cgi and get the latest 2.8 series VRT Certified Rules. You need to untar this file and place follow files from etc in the tarball in to your /etc/snort directory : generators gen-msg.map sid sid-msg.map If you are going to use a front end like Base, you should copy the dog/signatures directory from the tarball in to /usr/doc/snort-$VERSION/ . Last, but certainly not least, you must copy the contents of the rules/ directory in the tarball to /etc/snort/rules/ . After you've done this, you can safely restart snort or send a HUP to snort to reload the files (killall -HUP snort). A rc.snort file has been included for your convenience, but it needs to be added to your init script of choice to run on boot. You should modify the variables in /etc/rc.d/rc.snort to reflect the interface you want to monitor. This Slackbuild is no longer maintained by Alan Hicks, but rather me (Thomas York), so email me instead if you have any questions. --Thomas York (straterra@fuhell.com)