Automic VaultAutomic Vault

brew

Install snort with Homebrew, apk, MacPorts, Nix, apt

Flexible Network Intrusion Detection System. Version 3.12.2.0 via Homebrew; verified 2026-06-27.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install snort

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install snort

MacPorts ports tree · net/snort/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add snort

Alpine Linux edge package indexes · snort · source: dl-cdn.alpinelinux.org

Nixverified · 92%
nix profile install nixpkgs#snort

nixpkgs package indexes · pkgs/by-name/sn/snort/package.nix · source: api.github.com

Ubuntu aptverified · 92%
sudo apt install snort

Ubuntu 24.04 LTS package indexes · snort · source: archive.ubuntu.com

overview

Package summary

Flexible Network Intrusion Detection System

Commands and aliases

  • appid_detector_builder.sh
  • show_flows
  • snort
  • snort2lua
  • u2boat
  • u2spewfoo

history

Project history and usage

Snort is a long-running open-source intrusion detection and prevention system whose command-line engine, rule language, and packaging history make it one of the canonical security tools in Unix and network-operations package collections.

Project history

Snort's official GPL page carries Martin Roesch copyrights beginning in 1998, and Snort's own site describes it as an open-source IPS capable of real-time traffic analysis and packet logging. The project evolved from a packet sniffer and logger into a rule-driven network IDS/IPS with community and subscriber rules.

Snort 3, also known in the repository README as Snort++, was officially released on January 19, 2021 as version 3.1.0.0 after more than seven years of development. The official announcement describes a ground-up rework with faster rules, more user control, multi-environment support, multi-threaded packet processing, Lua configuration, pluggable components, service autodetection, sticky buffers, and autogenerated reference documentation.

Adoption history

Snort has a package-manager footprint because it is both a classic open-source security engine and an operational dependency for labs, appliances, training environments, and production sensors. The supplied package metadata lists Homebrew, Alpine, MacPorts, Nix, and Ubuntu packaging, while Snort.org points users to source releases, GitHub code, rule downloads, setup guides, and the Snort 3 manual.

How it is used

Snort is used as a packet sniffer, packet logger, network intrusion detection system, and inline prevention system. Snort 3 users typically build or install the engine, configure Lua files such as `snort.lua`, add rule sets, validate the configuration, then run against live interfaces or PCAP files with alert output suitable for analysts and automation.

Why package nerds care

Package nerds care about Snort because it exercises nearly every hard part of packaging security software: libpcap/DAQ integration, LuaJIT configuration, C++ build requirements, rule data that changes independently from the engine, optional acceleration libraries, service files, sample configs, and upgrades between major rule-engine generations.

Timeline

  • 1998: Official GPL page lists Martin Roesch copyrights beginning with Snort's early releases.
  • 2014: Snort 3-era copyright line begins under Cisco and affiliates in official version-output examples.
  • 2021-01-19: Snort 3 version 3.1.0.0 officially released.
  • 2026: Snort blog announces end-of-life for older Snort 2 and Snort 3 rule-support versions and encourages use of current Snort 3 packages.

Related projects

  • Snort is commonly discussed alongside tcpdump for packet sniffing, libpcap for capture, DAQ for packet I/O, Cisco Talos for rule development, and other IDS/IPS systems such as Suricata.

security posture

Risk level: blue

broad file, network, media, or database tool signal.

Risk classifier

blue risk · medium confidence · tool

Why

  • broad file, network, media, or database tool signal

Signals

  • text:network

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 10 runtime dependencies.
  • Build metadata lists 3 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
snort.luasnort_defaults.lua

executables

Installed executables

CommandKindExposureNote
appid_detector_builder.shcliglobal executable
show_flowscliglobal executable
snortcliglobal executable
snort2luacliglobal executable
u2boatcliglobal executable
u2spewfoocliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version3.12.2.0
manager updated2026-06-27
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/snort3/snort3

install metadata

Package metadata

Package keybrew:snort
Version3.12.2.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/snort
Homepagehttps://www.snort.org
Repositoryhttps://github.com/snort3/snort3
Upstream docshttps://docs.snort.org/rules
LicenseGPL-2.0-only
Source archivehttps://github.com/snort3/snort3/archive/refs/tags/3.12.2.0.tar.gz
Last updated2026-06-27T17:38:03-04:00
Pulseupdated
Dependenciesdaq, hwloc, jemalloc, libdnet, libpcap, luajit, openssl@3, pcre2, vectorscan, xz
Build dependenciescmake, flex, pkgconf
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared
CaveatsFor snort to be functional, you need to update the permissions for /dev/bpf* so that they can be read by non-root users. This can be done manually using: sudo chmod o+r /dev/bpf* or you could create a startup item to do this for you.

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesnort
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

snort

nix profile install nixpkgs#snort
  • normalized package name match
  • Matched by: Snort
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/sn/snort/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

snort 2.9.20-0+deb11u1ubuntu1

flexible Network Intrusion Detection System

https://www.snort.org/

sudo apt install snort
  • Section: universe/net
  • Architecture: amd64
  • 20 dependencies
  • 2 optional deps
  • normalized package name match
  • Matched by: Snort
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: snort from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
Ubuntu apt95%

snort-common 2.9.20-0+deb11u1ubuntu1

flexible Network Intrusion Detection System - common files

https://www.snort.org/

sudo apt install snort-common
  • Section: universe/net
  • Architecture: all
  • Source Package: snort
  • 4 dependencies
  • 1 optional deps
  • normalized package name match
  • Matched by: Snort
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: snort-common from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
Ubuntu apt95%

snort-common-libraries 2.9.20-0+deb11u1ubuntu1

flexible Network Intrusion Detection System - libraries

https://www.snort.org/

sudo apt install snort-common-libraries
  • Section: universe/net
  • Architecture: amd64
  • Source Package: snort
  • 5 dependencies
  • 3 optional deps
  • normalized package name match
  • Matched by: Snort
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: snort-common-libraries from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
Ubuntu apt95%

snort-doc 2.9.20-0+deb11u1ubuntu1

flexible Network Intrusion Detection System - documentation

https://www.snort.org/

sudo apt install snort-doc
  • Section: universe/doc
  • Architecture: all
  • Source Package: snort
  • normalized package name match
  • Matched by: Snort
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: snort-doc from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
Ubuntu apt95%

snort-rules-default 2.9.20-0+deb11u1ubuntu1

flexible Network Intrusion Detection System - ruleset

http://www.snort.org/snort-rules/

sudo apt install snort-rules-default
  • Section: universe/net
  • Architecture: all
  • Source Package: snort
  • 3 dependencies
  • 1 provides
  • 4 optional deps
  • normalized package name match
  • Matched by: Snort
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: snort-rules-default from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

snort 3.9.2.0-r0

Open source network intrusion prevention and detection system

https://www.snort.org/

sudo apk add snort
  • License: GPL-2.0-only
  • Architecture: x86_64
  • Source Package: snort
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Snort
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: snort from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

snort-dev 3.9.2.0-r0

Open source network intrusion prevention and detection system (development files)

https://www.snort.org/

sudo apk add snort-dev
  • License: GPL-2.0-only
  • Architecture: x86_64
  • Source Package: snort
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Snort
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: snort-dev from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

snort-doc 3.9.2.0-r0

Open source network intrusion prevention and detection system (documentation)

https://www.snort.org/

sudo apk add snort-doc
  • License: GPL-2.0-only
  • Architecture: x86_64
  • Source Package: snort
  • normalized package name match
  • Matched by: Snort
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: snort-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

snort-openrc 3.9.2.0-r0

Open source network intrusion prevention and detection system (OpenRC init scripts)

https://www.snort.org/

sudo apk add snort-openrc
  • License: GPL-2.0-only
  • Architecture: x86_64
  • Source Package: snort
  • normalized package name match
  • Matched by: Snort
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: snort-openrc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
MacPorts95%

snort

sudo port install snort
  • normalized package name match
  • Matched by: Snort
MacPorts ports tree · api.github.com · MacPorts ports tree: net/snort/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment