macOS
brew install snortlocal Homebrew formula metadata
sudo port install snortMacPorts ports tree · net/snort/Portfile · source: api.github.com
brew
Flexible Network Intrusion Detection System. Version 3.12.2.0 via Homebrew; verified 2026-06-27.
install
brew install snortlocal Homebrew formula metadata
sudo port install snortMacPorts ports tree · net/snort/Portfile · source: api.github.com
sudo apk add snortAlpine Linux edge package indexes · snort · source: dl-cdn.alpinelinux.org
nix profile install nixpkgs#snortnixpkgs package indexes · pkgs/by-name/sn/snort/package.nix · source: api.github.com
sudo apt install snortUbuntu 24.04 LTS package indexes · snort · source: archive.ubuntu.com
overview
Flexible Network Intrusion Detection System
history
Snort is a long-running open-source intrusion detection and prevention system whose command-line engine, rule language, and packaging history make it one of the canonical security tools in Unix and network-operations package collections.
Snort's official GPL page carries Martin Roesch copyrights beginning in 1998, and Snort's own site describes it as an open-source IPS capable of real-time traffic analysis and packet logging. The project evolved from a packet sniffer and logger into a rule-driven network IDS/IPS with community and subscriber rules.
Snort 3, also known in the repository README as Snort++, was officially released on January 19, 2021 as version 3.1.0.0 after more than seven years of development. The official announcement describes a ground-up rework with faster rules, more user control, multi-environment support, multi-threaded packet processing, Lua configuration, pluggable components, service autodetection, sticky buffers, and autogenerated reference documentation.
Snort has a package-manager footprint because it is both a classic open-source security engine and an operational dependency for labs, appliances, training environments, and production sensors. The supplied package metadata lists Homebrew, Alpine, MacPorts, Nix, and Ubuntu packaging, while Snort.org points users to source releases, GitHub code, rule downloads, setup guides, and the Snort 3 manual.
Snort is used as a packet sniffer, packet logger, network intrusion detection system, and inline prevention system. Snort 3 users typically build or install the engine, configure Lua files such as `snort.lua`, add rule sets, validate the configuration, then run against live interfaces or PCAP files with alert output suitable for analysts and automation.
Package nerds care about Snort because it exercises nearly every hard part of packaging security software: libpcap/DAQ integration, LuaJIT configuration, C++ build requirements, rule data that changes independently from the engine, optional acceleration libraries, service files, sample configs, and upgrades between major rule-engine generations.
security posture
broad file, network, media, or database tool signal.
blue risk · medium confidence · tool
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
snort.luasnort_defaults.luaexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
appid_detector_builder.sh | cli | global executable | |
show_flows | cli | global executable | |
snort | cli | global executable | |
snort2lua | cli | global executable | |
u2boat | cli | global executable | |
u2spewfoo | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/snort3/snort3
install metadata
| Package key | brew:snort |
|---|---|
| Version | 3.12.2.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/snort |
| Homepage | https://www.snort.org |
| Repository | https://github.com/snort3/snort3 |
| Upstream docs | https://docs.snort.org/rules |
| License | GPL-2.0-only |
| Source archive | https://github.com/snort3/snort3/archive/refs/tags/3.12.2.0.tar.gz |
| Last updated | 2026-06-27T17:38:03-04:00 |
| Pulse | updated |
| Dependencies | daq, hwloc, jemalloc, libdnet, libpcap, luajit, openssl@3, pcre2, vectorscan, xz |
| Build dependencies | cmake, flex, pkgconf |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
| Caveats | For snort to be functional, you need to update the permissions for /dev/bpf* so that they can be read by non-root users. This can be done manually using: sudo chmod o+r /dev/bpf* or you could create a startup item to do this for you. |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | snort |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
snort
nix profile install nixpkgs#snortsnort 2.9.20-0+deb11u1ubuntu1
flexible Network Intrusion Detection System
sudo apt install snortsnort-common 2.9.20-0+deb11u1ubuntu1
flexible Network Intrusion Detection System - common files
sudo apt install snort-commonsnort-common-libraries 2.9.20-0+deb11u1ubuntu1
flexible Network Intrusion Detection System - libraries
sudo apt install snort-common-librariessnort-doc 2.9.20-0+deb11u1ubuntu1
flexible Network Intrusion Detection System - documentation
sudo apt install snort-docsnort-rules-default 2.9.20-0+deb11u1ubuntu1
flexible Network Intrusion Detection System - ruleset
http://www.snort.org/snort-rules/
sudo apt install snort-rules-defaultsnort 3.9.2.0-r0
Open source network intrusion prevention and detection system
sudo apk add snortsnort-dev 3.9.2.0-r0
Open source network intrusion prevention and detection system (development files)
sudo apk add snort-devsnort-doc 3.9.2.0-r0
Open source network intrusion prevention and detection system (documentation)
sudo apk add snort-docsnort-openrc 3.9.2.0-r0
Open source network intrusion prevention and detection system (OpenRC init scripts)
sudo apk add snort-openrcsnort
sudo port install snortsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.