Setting up Snort

January 2nd, 2007

A few notes about Snort.

  • Snort looked for the dynamic detection engine at /usr/lib/dynamicengine/libsf_engine.so while the library lives at /usr/lib/snort/dynamicengine/libsf_engine.so. A symlink /usr/lib/dynamicengine/libsf_engine.so -> /usr/lib/snort/dynamicengine/libsf_engine.so (or a dynamicengine line in snort.conf pointing at the real path) fixes it.
  • Download the rules; they are distributed separately from Snort itself.
  • Snort does not rotate its logs, so add the alert log (under /var/log/snort by default) to the log rotator.
  • Watch the alert log closely in the beginning and tune the rules early, thresholding or suppressing the noisy ones, so you are not swamped by irrelevant alerts.
  • Use the “lowmem” pattern matcher (config detection: search-method lowmem) in snort.conf to reduce memory usage. Verify “-k 0” on your version before relying on it: in Snort 2.x, -k selects the checksum verification mode (all, noip, notcp, noudp, noicmp, none) rather than anything memory related.
  • SGUIL is a nice console for analysing the alerts.
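The notes above as a small set of shell helpers. This is an added example, not code from the original post or from the Snort project: it creates the engine symlink idempotently, writes a logrotate stanza for the alert file, and counts alerts per rule in the alert log so the noisiest rules can be thresholded first. The paths are the ones the post mentions plus Snort's default /var/log/snort, the logrotate settings and the per-source rate limit are assumptions to adjust, and the sample alert lines are constructed for demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post. Helpers for the notes above.
# Paths are the ones the post mentions plus the default /var/log/snort;
# the alert lines in write_sample_alerts are constructed, not real traffic.
set -eu

# Make libsf_engine.so visible where snort.conf's dynamicengine line looks for it.
# $1 = path Snort expects, $2 = path the library actually lives at.
ensure_engine_link() {
    link="$1"; target="$2"
    [ -e "$target" ] || { echo "engine not found at $target" >&2; return 1; }
    if [ -L "$link" ]; then
        # already a symlink: keep it if it is correct, otherwise replace it
        [ "$(readlink "$link")" = "$target" ] && return 0
        rm -f "$link"
    elif [ -e "$link" ]; then
        echo "$link exists and is not a symlink; refusing to replace it" >&2
        return 1
    fi
    mkdir -p "$(dirname "$link")"
    ln -s "$target" "$link"
}

# Snort does not rotate its own logs: write a logrotate stanza for the alert
# file. copytruncate keeps Snort's open file descriptor valid without a HUP or
# restart, at the cost of possibly losing a line written during the copy.
# $1 = output file (e.g. /etc/logrotate.d/snort), $2 = Snort log directory.
write_logrotate_conf() {
    out="$1"; logdir="${2:-/var/log/snort}"
    cat > "$out" <<EOF
$logdir/alert {
    daily
    rotate 14
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
}
EOF
}

# Count alerts per rule so the noisiest ones can be tuned first. Works on both
# the one-line "fast" format and the multi-line full format, since both carry
# "[**] [gid:sid:rev] message [**]". Output: "count gid:sid:rev message".
top_alert_sids() {
    sed -n 's/.*\[\*\*\] \[\([0-9]*:[0-9]*:[0-9]*\)\] \(.*\) \[\*\*\].*/\1 \2/p' "$1" \
        | sort | uniq -c | sort -rn | awk '{ $1 = $1; print }'
}

# Emit threshold.conf candidates for rules that fired at least $2 times.
# A per-source rate limit is proposed instead of a blanket suppress, so a noisy
# rule still yields one alert per source per minute. Review before installing.
threshold_candidates() {
    top_alert_sids "$1" | awk -v min="$2" '$1 >= min {
        split($2, id, ":")
        printf "threshold gen_id %s, sig_id %s, type limit, track by_src, count 1, seconds 60\n", id[1], id[2]
    }'
}

# Constructed sample alert file mixing fast and full formats (not real traffic).
write_sample_alerts() {
    cat > "$1" <<'EOF'
01/02-10:15:33.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1434 -> 192.168.1.2:1434
01/02-10:15:34.000001  [**] [1:1000001:1] LOCAL noisy test rule [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 10.0.0.9:40000 -> 192.168.1.2:80
01/02-10:15:34.500000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.6:1434 -> 192.168.1.2:1434
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
01/02-10:15:35.000001 10.0.0.7:1434 -> 192.168.1.2:1434
UDP TTL:128 TOS:0x0 ID:1234 IpLen:20 DgmLen:404
Len: 376

01/02-10:15:36.000001  [**] [1:1000001:1] LOCAL noisy test rule [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 10.0.0.9:40001 -> 192.168.1.2:80
01/02-10:15:37.000001  [**] [1:1000002:1] LOCAL rare test rule [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 10.0.0.10:40002 -> 192.168.1.2:22
EOF
}

# Usage:
#   . ./snort-notes.sh
#   ensure_engine_link /usr/lib/dynamicengine/libsf_engine.so /usr/lib/snort/dynamicengine/libsf_engine.so
#   write_logrotate_conf /etc/logrotate.d/snort
#   top_alert_sids /var/log/snort/alert | head
#   threshold_candidates /var/log/snort/alert 100
```

Run top_alert_sids against the real alert file after the first day or two; the handful of rules at the top of that list are the ones worth thresholding or suppressing, and doing it by gid:sid keeps the change traceable in threshold.conf.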
