Snort is an intrusion prevention system, network monitor, and alert daemon.
emerge --ask snort
Gentoo requires snort users to define the interface being monitored in the /etc/conf.d/snort configuration file.
Snort ships with an example config that must be copied into place and edited:
cp /etc/snort/snort.conf.distrib /etc/snort/snort.conf
white_list.rules and black_list.rules files not found
PROBLEM: Unable to open address file /etc/snort/white_list.rules or /etc/snort/black_list.rules, Error: No such file or directory
SOLUTION: Create those two files in the /etc/snort/ or /etc/snort/rules/ directory and set their location accordingly in /etc/snort/snort.conf
FATAL ERROR: Can't initialize DAQ afpacket (-1) -
PROBLEM: Snort daemon fails to load with the error 'FATAL ERROR: Can't initialize DAQ afpacket (-1) -'
SOLUTION: Install the package net-libs/libnetfilter_queue and enable the kernel option CONFIG_NETFILTER_NETLINK_QUEUE. After that, in snort.conf, change the option config daq: afpacket to config daq: pcap
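A pre-flight check for the two startup failures above, as an added example that is not part of the original page or of the snort package. The function names (snort_daq, list_present, snort_preflight) are hypothetical; the file names and the config daq: option are the ones quoted above.

```shell
#!/bin/sh
# Added example: checks a snort config directory for the two problems
# described above before the daemon is started. Function names are
# hypothetical; pass a scratch directory to try it without touching /etc/snort.

# Print the DAQ module chosen by the first uncommented "config daq:" line.
snort_daq() {
    sed -n 's/^[[:space:]]*config[[:space:]]\{1,\}daq:[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if file $2 exists in $1 or $1/rules (the two locations named above).
list_present() {
    [ -f "$1/$2" ] || [ -f "$1/rules/$2" ]
}

# Print one line per finding; the return status is the number of findings.
snort_preflight() {
    dir=${1:-/etc/snort}
    conf="$dir/snort.conf"
    problems=0
    if [ ! -f "$conf" ]; then
        echo "missing: $conf (copy snort.conf.distrib first)"
        return 1
    fi
    for f in white_list.rules black_list.rules; do
        if ! list_present "$dir" "$f"; then
            echo "missing: $f in $dir or $dir/rules"
            problems=$((problems + 1))
        fi
    done
    daq=$(snort_daq "$conf")
    if [ "$daq" = "afpacket" ]; then
        echo "check: config daq: afpacket is set (see the DAQ error above)"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and run snort_preflight /etc/snort; a status of 0 means neither condition was found.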
To start snort at boot:
rc-update add snort default
To start snort immediately:
rc-service snort start