Snort

Snort is an intrusion prevention system, network monitor, and alert daemon.

Configuration
Gentoo requires snort users to define the interface being monitored the configuration file.

Snort ships with an example config that must be moved and edited:

Troubleshooting
1. Than create empty file in /etc/snort directory.

2. For that install the package net-libs/libnetfilter_queue and enable this kernel option CONFIG_NETFILTER_NETLINK_QUEUE:

OpenRC
To start snort at boot:

To start snort immediately:

External Resources

 * https://wiki.archlinux.org/index.php/Snort
 * http://oinkmaster.sourceforge.net/